diff --git a/charts/k8s-monitoring-v1/Chart.lock b/charts/k8s-monitoring-v1/Chart.lock index 1e53a01ab2..c50565f681 100644 --- a/charts/k8s-monitoring-v1/Chart.lock +++ b/charts/k8s-monitoring-v1/Chart.lock @@ -19,7 +19,7 @@ dependencies: version: 4.43.1 - name: prometheus-operator-crds repository: https://prometheus-community.github.io/helm-charts - version: 17.0.2 + version: 18.0.0 - name: prometheus-windows-exporter repository: https://prometheus-community.github.io/helm-charts version: 0.8.0 @@ -32,5 +32,5 @@ dependencies: - name: beyla repository: https://grafana.github.io/helm-charts version: 1.7.2 -digest: sha256:e9800b1fa0bd85fd465bd8587b4eb1c9944966f86a209635957cb52df9620c91 -generated: "2025-02-06T00:21:47.546323633Z" +digest: sha256:6a2746425d6dffdeab250b0b400f0fb01461373a5a26ebe9d1da8309a7599d64 +generated: "2025-02-12T06:01:37.578640944Z" diff --git a/charts/k8s-monitoring-v1/Chart.yaml b/charts/k8s-monitoring-v1/Chart.yaml index 1c1f6cde80..fcffe541e7 100644 --- a/charts/k8s-monitoring-v1/Chart.yaml +++ b/charts/k8s-monitoring-v1/Chart.yaml @@ -42,7 +42,7 @@ dependencies: repository: https://prometheus-community.github.io/helm-charts condition: prometheus-node-exporter.enabled - name: prometheus-operator-crds - version: 17.0.2 + version: 18.0.0 repository: https://prometheus-community.github.io/helm-charts condition: prometheus-operator-crds.enabled - name: prometheus-windows-exporter diff --git a/charts/k8s-monitoring-v1/README.md b/charts/k8s-monitoring-v1/README.md index 36efaf4d12..b28aeabdd9 100644 --- a/charts/k8s-monitoring-v1/README.md +++ b/charts/k8s-monitoring-v1/README.md @@ -146,7 +146,7 @@ The Prometheus and Loki services may be hosted on the same cluster, or remotely | https://opencost.github.io/opencost-helm-chart | opencost | 1.43.2 | | https://prometheus-community.github.io/helm-charts | kube-state-metrics | 5.29.0 | | https://prometheus-community.github.io/helm-charts | prometheus-node-exporter | 4.43.1 | -| https://prometheus-community.github.io/helm-charts | prometheus-operator-crds | 17.0.2 | +| https://prometheus-community.github.io/helm-charts | prometheus-operator-crds | 18.0.0 | | https://prometheus-community.github.io/helm-charts | prometheus-windows-exporter | 0.8.0 | | https://sustainable-computing-io.github.io/kepler-helm-chart | kepler | 0.5.13 | diff --git a/charts/k8s-monitoring-v1/charts/prometheus-operator-crds-17.0.2.tgz b/charts/k8s-monitoring-v1/charts/prometheus-operator-crds-17.0.2.tgz deleted file mode 100644 index 93e0e0d8cb..0000000000 Binary files a/charts/k8s-monitoring-v1/charts/prometheus-operator-crds-17.0.2.tgz and /dev/null differ diff --git a/charts/k8s-monitoring-v1/charts/prometheus-operator-crds-18.0.0.tgz b/charts/k8s-monitoring-v1/charts/prometheus-operator-crds-18.0.0.tgz new file mode 100644 index 0000000000..fa7c00680e Binary files /dev/null and b/charts/k8s-monitoring-v1/charts/prometheus-operator-crds-18.0.0.tgz differ diff --git a/charts/k8s-monitoring-v1/docs/examples/alloy-autoscaling-and-storage/output.yaml b/charts/k8s-monitoring-v1/docs/examples/alloy-autoscaling-and-storage/output.yaml index debbc9de75..7b85c9e6ef 100644 --- a/charts/k8s-monitoring-v1/docs/examples/alloy-autoscaling-and-storage/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/alloy-autoscaling-and-storage/output.yaml @@ -1229,8 +1229,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -11267,8 +11267,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19690,7 +19690,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19743,20 +19748,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19809,30 +19822,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19856,18 +19882,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -19980,8 +20005,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20876,6 +20901,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -21187,8 +21213,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21908,6 +21934,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22361,8 +22388,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -27086,7 +27113,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -27110,6 +27136,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -27122,7 +27155,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28724,6 +28756,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -29213,6 +29258,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -29250,8 +29307,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29620,6 +29678,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32780,7 +32848,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32833,20 +32906,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32899,30 +32980,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -32946,18 +33040,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -33114,8 +33207,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38633,6 +38726,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38645,7 +38745,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -41185,6 +41284,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41674,6 +41786,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41711,8 +41835,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -42081,6 +42206,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45762,7 +45897,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45815,20 +45955,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45881,30 +46029,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -45928,18 +46089,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -46096,8 +46256,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46256,8 +46416,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46356,137 +46516,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46524,9 +46557,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46581,35 +46614,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46618,18 +46663,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -46954,17 +46991,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -47010,46 +47044,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -47210,48 +47225,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47287,13 +47337,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47302,10 +47433,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47630,12 +47769,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47681,11 +47825,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47846,69 +48025,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -47945,109 +48102,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48386,6 +48447,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48432,7 +48496,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48597,21 +48661,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48648,7 +48761,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48707,13 +48820,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48742,9 +48850,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48756,7 +48874,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -49082,12 +49200,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -49134,20 +49247,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49310,58 +49414,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49386,10 +49553,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49398,18 +49568,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49451,46 +50969,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49651,30 +51138,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49711,7 +51291,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49784,7 +51366,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -50109,6 +51691,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -50154,15 +51739,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50324,117 +51913,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50472,8 +51973,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50545,8 +52047,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50871,9 +52373,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -50919,19 +52418,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -51092,30 +52585,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51151,71 +52640,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -51226,9 +52660,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51553,292 +52985,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -55993,6 +57139,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -56032,16 +57179,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -56073,9 +57223,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -56083,6 +57237,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -56264,6 +57419,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -56271,6 +57427,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57555,8 +58712,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57771,8 +58929,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58584,6 +59742,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -59000,8 +60159,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66834,7 +67993,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66887,20 +68051,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66953,30 +68125,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -67000,18 +68185,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -68774,34 +69958,34 @@ spec: whenScaled: Delete --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/application-observability/output.yaml b/charts/k8s-monitoring-v1/docs/examples/application-observability/output.yaml index 6878702eeb..f4cb2ad26c 100644 --- a/charts/k8s-monitoring-v1/docs/examples/application-observability/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/application-observability/output.yaml @@ -2279,8 +2279,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -12317,8 +12317,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20740,7 +20740,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -20793,20 +20798,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -20859,30 +20872,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -20906,18 +20932,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -21030,8 +21055,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21926,6 +21951,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -22237,8 +22263,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -22958,6 +22984,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -23411,8 +23438,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -28136,7 +28163,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -28160,6 +28186,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -28172,7 +28205,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -29774,6 +29806,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -30263,6 +30308,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -30300,8 +30357,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -30670,6 +30728,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -33830,7 +33898,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -33883,20 +33956,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -33949,30 +34030,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -33996,18 +34090,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -34164,8 +34257,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -39683,6 +39776,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -39695,7 +39795,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -42235,6 +42334,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -42724,6 +42836,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -42761,8 +42885,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -43131,6 +43256,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -46812,7 +46947,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -46865,20 +47005,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -46931,30 +47079,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -46978,18 +47139,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -47146,8 +47306,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -47306,8 +47466,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -47406,137 +47566,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47574,9 +47607,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -47631,35 +47664,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47668,18 +47713,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -48004,17 +48041,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -48060,46 +48094,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -48260,48 +48275,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48337,13 +48387,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48352,10 +48483,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -48680,12 +48819,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -48731,11 +48875,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -48896,69 +49075,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -48995,109 +49152,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49436,6 +49497,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -49482,7 +49546,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -49647,21 +49711,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49698,7 +49811,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -49757,13 +49870,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49792,9 +49900,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49806,7 +49924,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -50132,12 +50250,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -50184,20 +50297,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -50360,58 +50464,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -50436,10 +50603,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -50448,18 +50618,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -50501,46 +52019,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -50701,30 +52188,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50761,7 +52341,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -50834,7 +52416,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -51159,6 +52741,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -51204,15 +52789,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -51374,117 +52963,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51522,8 +53023,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -51595,8 +53097,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -51921,9 +53423,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -51969,19 +53468,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -52142,30 +53635,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -52201,71 +53690,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -52276,9 +53710,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -52603,292 +54035,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -57043,6 +58189,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -57082,16 +58229,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -57123,9 +58273,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -57133,6 +58287,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -57314,6 +58469,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -57321,6 +58477,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -58605,8 +59762,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -58821,8 +59979,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -59634,6 +60792,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -60050,8 +61209,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -67884,7 +69043,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -67937,20 +69101,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -68003,30 +69175,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -68050,18 +69235,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -69997,34 +71181,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/azure-aks/output.yaml b/charts/k8s-monitoring-v1/docs/examples/azure-aks/output.yaml index ce1c8c2653..fb1c2f6853 100644 --- a/charts/k8s-monitoring-v1/docs/examples/azure-aks/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/azure-aks/output.yaml @@ -1229,8 +1229,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -11267,8 +11267,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19690,7 +19690,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19743,20 +19748,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19809,30 +19822,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19856,18 +19882,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -19980,8 +20005,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20876,6 +20901,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -21187,8 +21213,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21908,6 +21934,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22361,8 +22388,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -27086,7 +27113,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -27110,6 +27136,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -27122,7 +27155,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28724,6 +28756,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -29213,6 +29258,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -29250,8 +29307,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29620,6 +29678,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32780,7 +32848,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32833,20 +32906,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32899,30 +32980,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -32946,18 +33040,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -33114,8 +33207,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38633,6 +38726,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38645,7 +38745,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -41185,6 +41284,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41674,6 +41786,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41711,8 +41835,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -42081,6 +42206,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45762,7 +45897,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45815,20 +45955,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45881,30 +46029,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -45928,18 +46089,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -46096,8 +46256,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46256,8 +46416,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46356,137 +46516,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46524,9 +46557,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46581,35 +46614,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46618,18 +46663,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -46954,17 +46991,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -47010,46 +47044,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -47210,48 +47225,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47287,13 +47337,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47302,10 +47433,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47630,12 +47769,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47681,11 +47825,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47846,69 +48025,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -47945,109 +48102,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48386,6 +48447,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48432,7 +48496,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48597,21 +48661,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48648,7 +48761,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48707,13 +48820,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48742,9 +48850,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48756,7 +48874,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -49082,12 +49200,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -49134,20 +49247,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49310,58 +49414,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49386,10 +49553,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49398,18 +49568,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49451,46 +50969,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49651,30 +51138,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49711,7 +51291,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49784,7 +51366,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -50109,6 +51691,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -50154,15 +51739,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50324,117 +51913,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50472,8 +51973,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50545,8 +52047,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50871,9 +52373,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -50919,19 +52418,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -51092,30 +52585,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51151,71 +52640,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -51226,9 +52660,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51553,292 +52985,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -55993,6 +57139,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -56032,16 +57179,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -56073,9 +57223,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -56083,6 +57237,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -56264,6 +57419,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -56271,6 +57427,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57555,8 +58712,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57771,8 +58929,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58584,6 +59742,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -59000,8 +60159,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66834,7 +67993,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66887,20 +68051,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66953,30 +68125,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -67000,18 +68185,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -68718,34 +69902,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/bearer-token-auth/output.yaml b/charts/k8s-monitoring-v1/docs/examples/bearer-token-auth/output.yaml index 57e99df3c5..ca3522e66e 100644 --- a/charts/k8s-monitoring-v1/docs/examples/bearer-token-auth/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/bearer-token-auth/output.yaml @@ -1225,8 +1225,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -11263,8 +11263,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19686,7 +19686,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19739,20 +19744,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19805,30 +19818,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19852,18 +19878,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -19976,8 +20001,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20872,6 +20897,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -21183,8 +21209,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21904,6 +21930,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22357,8 +22384,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -27082,7 +27109,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -27106,6 +27132,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -27118,7 +27151,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28720,6 +28752,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -29209,6 +29254,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -29246,8 +29303,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29616,6 +29674,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32776,7 +32844,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32829,20 +32902,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32895,30 +32976,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -32942,18 +33036,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -33110,8 +33203,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38629,6 +38722,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38641,7 +38741,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -41181,6 +41280,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41670,6 +41782,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41707,8 +41831,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -42077,6 +42202,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45758,7 +45893,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45811,20 +45951,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45877,30 +46025,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -45924,18 +46085,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -46092,8 +46252,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46252,8 +46412,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46352,137 +46512,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46520,9 +46553,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46577,35 +46610,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46614,18 +46659,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -46950,17 +46987,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -47006,46 +47040,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -47206,48 +47221,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47283,13 +47333,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47298,10 +47429,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47626,12 +47765,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47677,11 +47821,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47842,69 +48021,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -47941,109 +48098,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48382,6 +48443,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48428,7 +48492,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48593,21 +48657,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48644,7 +48757,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48703,13 +48816,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48738,9 +48846,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48752,7 +48870,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -49078,12 +49196,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -49130,20 +49243,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49306,58 +49410,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49382,10 +49549,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49394,18 +49564,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49447,46 +50965,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49647,30 +51134,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49707,7 +51287,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49780,7 +51362,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -50105,6 +51687,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -50150,15 +51735,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50320,117 +51909,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50468,8 +51969,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50541,8 +52043,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50867,9 +52369,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -50915,19 +52414,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -51088,30 +52581,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51147,71 +52636,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -51222,9 +52656,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51549,292 +52981,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -55989,6 +57135,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -56028,16 +57175,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -56069,9 +57219,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -56079,6 +57233,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -56260,6 +57415,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -56267,6 +57423,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57551,8 +58708,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57767,8 +58925,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58580,6 +59738,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -58996,8 +60155,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66830,7 +67989,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66883,20 +68047,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66949,30 +68121,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -66996,18 +68181,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -68706,34 +69890,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/beyla/output.yaml b/charts/k8s-monitoring-v1/docs/examples/beyla/output.yaml index 160cd02d15..c0f89f0a76 100644 --- a/charts/k8s-monitoring-v1/docs/examples/beyla/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/beyla/output.yaml @@ -1413,8 +1413,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -11451,8 +11451,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19874,7 +19874,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19927,20 +19932,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19993,30 +20006,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -20040,18 +20066,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -20164,8 +20189,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21060,6 +21085,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -21371,8 +21397,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -22092,6 +22118,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22545,8 +22572,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -27270,7 +27297,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -27294,6 +27320,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -27306,7 +27339,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28908,6 +28940,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -29397,6 +29442,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -29434,8 +29491,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29804,6 +29862,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32964,7 +33032,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -33017,20 +33090,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -33083,30 +33164,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -33130,18 +33224,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -33298,8 +33391,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38817,6 +38910,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38829,7 +38929,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -41369,6 +41468,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41858,6 +41970,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41895,8 +42019,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -42265,6 +42390,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45946,7 +46081,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45999,20 +46139,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -46065,30 +46213,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -46112,18 +46273,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -46280,8 +46440,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46440,8 +46600,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46540,137 +46700,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46708,9 +46741,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46765,35 +46798,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46802,18 +46847,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -47138,17 +47175,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -47194,46 +47228,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -47394,48 +47409,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47471,13 +47521,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47486,10 +47617,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47814,12 +47953,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47865,11 +48009,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -48030,69 +48209,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -48129,109 +48286,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48570,6 +48631,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48616,7 +48680,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48781,21 +48845,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48832,7 +48945,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48891,13 +49004,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48926,9 +49034,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48940,7 +49058,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -49266,12 +49384,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -49318,20 +49431,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49494,58 +49598,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49570,10 +49737,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49582,18 +49752,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49635,46 +51153,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49835,30 +51322,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49895,7 +51475,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49968,7 +51550,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -50293,6 +51875,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -50338,15 +51923,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50508,117 +52097,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50656,8 +52157,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50729,8 +52231,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -51055,9 +52557,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -51103,19 +52602,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -51276,30 +52769,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51335,71 +52824,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -51410,9 +52844,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51737,292 +53169,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -56177,6 +57323,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -56216,16 +57363,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -56257,9 +57407,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -56267,6 +57421,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -56448,6 +57603,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -56455,6 +57611,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57739,8 +58896,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57955,8 +59113,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58768,6 +59926,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -59184,8 +60343,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -67018,7 +68177,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -67071,20 +68235,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -67137,30 +68309,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -67184,18 +68369,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -68997,34 +70181,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/control-plane-metrics/output.yaml b/charts/k8s-monitoring-v1/docs/examples/control-plane-metrics/output.yaml index 46f6e7f5e8..2a56f776a8 100644 --- a/charts/k8s-monitoring-v1/docs/examples/control-plane-metrics/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/control-plane-metrics/output.yaml @@ -1386,8 +1386,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -11424,8 +11424,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19847,7 +19847,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19900,20 +19905,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19966,30 +19979,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -20013,18 +20039,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -20137,8 +20162,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21033,6 +21058,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -21344,8 +21370,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -22065,6 +22091,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22518,8 +22545,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -27243,7 +27270,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -27267,6 +27293,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -27279,7 +27312,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28881,6 +28913,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -29370,6 +29415,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -29407,8 +29464,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29777,6 +29835,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32937,7 +33005,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32990,20 +33063,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -33056,30 +33137,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -33103,18 +33197,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -33271,8 +33364,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38790,6 +38883,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38802,7 +38902,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -41342,6 +41441,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41831,6 +41943,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41868,8 +41992,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -42238,6 +42363,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45919,7 +46054,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45972,20 +46112,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -46038,30 +46186,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -46085,18 +46246,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -46253,8 +46413,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46413,8 +46573,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46513,137 +46673,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46681,9 +46714,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46738,35 +46771,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46775,18 +46820,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -47111,17 +47148,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -47167,46 +47201,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -47367,48 +47382,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47444,13 +47494,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47459,10 +47590,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47787,12 +47926,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47838,11 +47982,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -48003,69 +48182,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -48102,109 +48259,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48543,6 +48604,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48589,7 +48653,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48754,21 +48818,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48805,7 +48918,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48864,13 +48977,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48899,9 +49007,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48913,7 +49031,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -49239,12 +49357,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -49291,20 +49404,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49467,58 +49571,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49543,10 +49710,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49555,18 +49725,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49608,46 +51126,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49808,30 +51295,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49868,7 +51448,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49941,7 +51523,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -50266,6 +51848,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -50311,15 +51896,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50481,117 +52070,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50629,8 +52130,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50702,8 +52204,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -51028,9 +52530,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -51076,19 +52575,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -51249,30 +52742,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51308,71 +52797,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -51383,9 +52817,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51710,292 +53142,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -56150,6 +57296,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -56189,16 +57336,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -56230,9 +57380,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -56240,6 +57394,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -56421,6 +57576,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -56428,6 +57584,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57712,8 +58869,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57928,8 +59086,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58741,6 +59899,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -59157,8 +60316,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66991,7 +68150,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -67044,20 +68208,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -67110,30 +68282,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -67157,18 +68342,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -68867,34 +70051,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/custom-config/output.yaml b/charts/k8s-monitoring-v1/docs/examples/custom-config/output.yaml index 5f584d5d43..7bd3826bb9 100644 --- a/charts/k8s-monitoring-v1/docs/examples/custom-config/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/custom-config/output.yaml @@ -2292,8 +2292,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -12330,8 +12330,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20753,7 +20753,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -20806,20 +20811,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -20872,30 +20885,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -20919,18 +20945,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -21043,8 +21068,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21939,6 +21964,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -22250,8 +22276,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -22971,6 +22997,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -23424,8 +23451,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -28149,7 +28176,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -28173,6 +28199,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -28185,7 +28218,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -29787,6 +29819,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -30276,6 +30321,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -30313,8 +30370,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -30683,6 +30741,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -33843,7 +33911,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -33896,20 +33969,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -33962,30 +34043,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -34009,18 +34103,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -34177,8 +34270,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -39696,6 +39789,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -39708,7 +39808,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -42248,6 +42347,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -42737,6 +42849,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -42774,8 +42898,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -43144,6 +43269,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -46825,7 +46960,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -46878,20 +47018,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -46944,30 +47092,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -46991,18 +47152,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -47159,8 +47319,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -47319,8 +47479,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -47419,137 +47579,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47587,9 +47620,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -47644,35 +47677,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47681,18 +47726,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -48017,17 +48054,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -48073,46 +48107,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -48273,48 +48288,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48350,13 +48400,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48365,10 +48496,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -48693,12 +48832,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -48744,11 +48888,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -48909,69 +49088,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -49008,109 +49165,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49449,6 +49510,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -49495,7 +49559,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -49660,21 +49724,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49711,7 +49824,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -49770,13 +49883,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49805,9 +49913,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49819,7 +49937,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -50145,12 +50263,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -50197,20 +50310,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -50373,58 +50477,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -50449,10 +50616,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -50461,18 +50631,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -50514,46 +52032,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -50714,30 +52201,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50774,7 +52354,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -50847,7 +52429,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -51172,6 +52754,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -51217,15 +52802,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -51387,117 +52976,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51535,8 +53036,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -51608,8 +53110,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -51934,9 +53436,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -51982,19 +53481,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -52155,30 +53648,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -52214,71 +53703,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -52289,9 +53723,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -52616,292 +54048,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -57056,6 +58202,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -57095,16 +58242,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -57136,9 +58286,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -57146,6 +58300,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -57327,6 +58482,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -57334,6 +58490,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -58618,8 +59775,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -58834,8 +59992,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -59647,6 +60805,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -60063,8 +61222,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -67897,7 +69056,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -67950,20 +69114,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -68016,30 +69188,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -68063,18 +69248,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -70010,34 +71194,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/custom-metrics-tuning/output.yaml b/charts/k8s-monitoring-v1/docs/examples/custom-metrics-tuning/output.yaml index fe2ccb3a7a..ff255fd04c 100644 --- a/charts/k8s-monitoring-v1/docs/examples/custom-metrics-tuning/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/custom-metrics-tuning/output.yaml @@ -869,8 +869,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -10907,8 +10907,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19330,7 +19330,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19383,20 +19388,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19449,30 +19462,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19496,18 +19522,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -19620,8 +19645,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20516,6 +20541,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -20827,8 +20853,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21548,6 +21574,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22001,8 +22028,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -26726,7 +26753,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -26750,6 +26776,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -26762,7 +26795,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28364,6 +28396,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -28853,6 +28898,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -28890,8 +28947,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29260,6 +29318,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32420,7 +32488,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32473,20 +32546,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32539,30 +32620,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -32586,18 +32680,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -32754,8 +32847,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38273,6 +38366,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38285,7 +38385,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -40825,6 +40924,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41314,6 +41426,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41351,8 +41475,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -41721,6 +41846,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45402,7 +45537,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45455,20 +45595,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45521,30 +45669,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -45568,18 +45729,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -45736,8 +45896,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -45896,8 +46056,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -45996,137 +46156,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46164,9 +46197,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46221,35 +46254,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46258,18 +46303,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -46594,17 +46631,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -46650,46 +46684,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -46850,48 +46865,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46927,13 +46977,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46942,10 +47073,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47270,12 +47409,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47321,11 +47465,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47486,69 +47665,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -47585,109 +47742,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48026,6 +48087,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48072,7 +48136,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48237,21 +48301,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48288,7 +48401,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48347,13 +48460,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48382,9 +48490,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48396,7 +48514,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -48722,12 +48840,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -48774,20 +48887,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -48950,58 +49054,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49026,10 +49193,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49038,18 +49208,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49091,46 +50609,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49291,30 +50778,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49351,7 +50931,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49424,7 +51006,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -49749,6 +51331,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -49794,15 +51379,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -49964,117 +51553,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50112,8 +51613,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50185,8 +51687,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50511,9 +52013,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -50559,19 +52058,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -50732,30 +52225,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50791,71 +52280,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -50866,9 +52300,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51193,292 +52625,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -55633,6 +56779,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -55672,16 +56819,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -55713,9 +56863,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -55723,6 +56877,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -55904,6 +57059,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -55911,6 +57067,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57195,8 +58352,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57411,8 +58569,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58224,6 +59382,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -58640,8 +59799,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66474,7 +67633,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66527,20 +67691,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66593,30 +67765,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -66640,18 +67825,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -67877,34 +69061,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/custom-pricing/output.yaml b/charts/k8s-monitoring-v1/docs/examples/custom-pricing/output.yaml index 3ef522c902..62013774a8 100644 --- a/charts/k8s-monitoring-v1/docs/examples/custom-pricing/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/custom-pricing/output.yaml @@ -1251,8 +1251,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -11289,8 +11289,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19712,7 +19712,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19765,20 +19770,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19831,30 +19844,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19878,18 +19904,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -20002,8 +20027,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20898,6 +20923,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -21209,8 +21235,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21930,6 +21956,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22383,8 +22410,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -27108,7 +27135,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -27132,6 +27158,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -27144,7 +27177,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28746,6 +28778,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -29235,6 +29280,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -29272,8 +29329,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29642,6 +29700,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32802,7 +32870,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32855,20 +32928,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32921,30 +33002,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -32968,18 +33062,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -33136,8 +33229,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38655,6 +38748,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38667,7 +38767,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -41207,6 +41306,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41696,6 +41808,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41733,8 +41857,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -42103,6 +42228,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45784,7 +45919,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45837,20 +45977,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45903,30 +46051,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -45950,18 +46111,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -46118,8 +46278,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46278,8 +46438,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46378,137 +46538,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46546,9 +46579,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46603,35 +46636,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46640,18 +46685,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -46976,17 +47013,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -47032,46 +47066,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -47232,48 +47247,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47309,13 +47359,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47324,10 +47455,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47652,12 +47791,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47703,11 +47847,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47868,69 +48047,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -47967,109 +48124,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48408,6 +48469,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48454,7 +48518,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48619,21 +48683,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48670,7 +48783,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48729,13 +48842,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48764,9 +48872,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48778,7 +48896,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -49104,12 +49222,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -49156,20 +49269,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49332,58 +49436,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49408,10 +49575,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49420,18 +49590,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49473,46 +50991,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49673,30 +51160,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49733,7 +51313,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49806,7 +51388,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -50131,6 +51713,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -50176,15 +51761,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50346,117 +51935,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50494,8 +51995,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50567,8 +52069,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50893,9 +52395,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -50941,19 +52440,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -51114,30 +52607,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51173,71 +52662,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -51248,9 +52682,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51575,292 +53007,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -56015,6 +57161,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -56054,16 +57201,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -56095,9 +57245,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -56105,6 +57259,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -56286,6 +57441,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -56293,6 +57449,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57577,8 +58734,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57793,8 +58951,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58606,6 +59764,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -59022,8 +60181,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66856,7 +68015,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66909,20 +68073,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66975,30 +68147,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -67022,18 +68207,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -68743,34 +69927,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/custom-prometheus-operator-rules/output.yaml b/charts/k8s-monitoring-v1/docs/examples/custom-prometheus-operator-rules/output.yaml index 4ad52bcab4..639c498f42 100644 --- a/charts/k8s-monitoring-v1/docs/examples/custom-prometheus-operator-rules/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/custom-prometheus-operator-rules/output.yaml @@ -956,8 +956,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -10994,8 +10994,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19417,7 +19417,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19470,20 +19475,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19536,30 +19549,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19583,18 +19609,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -19707,8 +19732,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20603,6 +20628,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -20914,8 +20940,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21635,6 +21661,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22088,8 +22115,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -26813,7 +26840,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -26837,6 +26863,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -26849,7 +26882,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28451,6 +28483,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -28940,6 +28985,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -28977,8 +29034,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29347,6 +29405,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32507,7 +32575,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32560,20 +32633,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32626,30 +32707,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -32673,18 +32767,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -32841,8 +32934,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38360,6 +38453,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38372,7 +38472,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -40912,6 +41011,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41401,6 +41513,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41438,8 +41562,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -41808,6 +41933,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45489,7 +45624,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45542,20 +45682,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45608,30 +45756,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -45655,18 +45816,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -45823,8 +45983,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -45983,8 +46143,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46083,137 +46243,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46251,9 +46284,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46308,35 +46341,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46345,18 +46390,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -46681,17 +46718,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -46737,46 +46771,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -46937,48 +46952,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47014,13 +47064,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47029,10 +47160,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47357,12 +47496,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47408,11 +47552,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47573,69 +47752,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -47672,109 +47829,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48113,6 +48174,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48159,7 +48223,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48324,21 +48388,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48375,7 +48488,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48434,13 +48547,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48469,9 +48577,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48483,7 +48601,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -48809,12 +48927,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -48861,20 +48974,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49037,58 +49141,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49113,10 +49280,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49125,18 +49295,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49178,46 +50696,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49378,30 +50865,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49438,7 +51018,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49511,7 +51093,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -49836,6 +51418,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -49881,15 +51466,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50051,117 +51640,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50199,8 +51700,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50272,8 +51774,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50598,9 +52100,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -50646,19 +52145,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -50819,30 +52312,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50878,71 +52367,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -50953,9 +52387,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51280,292 +52712,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -55720,6 +56866,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -55759,16 +56906,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -55800,9 +56950,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -55810,6 +56964,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -55991,6 +57146,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -55998,6 +57154,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57282,8 +58439,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57498,8 +58656,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58311,6 +59469,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -58727,8 +59886,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66561,7 +67720,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66614,20 +67778,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66680,30 +67852,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -66727,18 +67912,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -67964,34 +69148,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/default-values/output.yaml b/charts/k8s-monitoring-v1/docs/examples/default-values/output.yaml index 4b2b922d56..9499ae8c46 100644 --- a/charts/k8s-monitoring-v1/docs/examples/default-values/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/default-values/output.yaml @@ -1229,8 +1229,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -11267,8 +11267,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19690,7 +19690,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19743,20 +19748,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19809,30 +19822,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19856,18 +19882,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -19980,8 +20005,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20876,6 +20901,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -21187,8 +21213,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21908,6 +21934,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22361,8 +22388,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -27086,7 +27113,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -27110,6 +27136,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -27122,7 +27155,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28724,6 +28756,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -29213,6 +29258,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -29250,8 +29307,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29620,6 +29678,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32780,7 +32848,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32833,20 +32906,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32899,30 +32980,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -32946,18 +33040,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -33114,8 +33207,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38633,6 +38726,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38645,7 +38745,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -41185,6 +41284,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41674,6 +41786,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41711,8 +41835,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -42081,6 +42206,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45762,7 +45897,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45815,20 +45955,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45881,30 +46029,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -45928,18 +46089,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -46096,8 +46256,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46256,8 +46416,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46356,137 +46516,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46524,9 +46557,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46581,35 +46614,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46618,18 +46663,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -46954,17 +46991,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -47010,46 +47044,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -47210,48 +47225,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47287,13 +47337,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47302,10 +47433,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47630,12 +47769,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47681,11 +47825,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47846,69 +48025,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -47945,109 +48102,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48386,6 +48447,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48432,7 +48496,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48597,21 +48661,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48648,7 +48761,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48707,13 +48820,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48742,9 +48850,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48756,7 +48874,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -49082,12 +49200,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -49134,20 +49247,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49310,58 +49414,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49386,10 +49553,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49398,18 +49568,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49451,46 +50969,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49651,30 +51138,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49711,7 +51291,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49784,7 +51366,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -50109,6 +51691,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -50154,15 +51739,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50324,117 +51913,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50472,8 +51973,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50545,8 +52047,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50871,9 +52373,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -50919,19 +52418,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -51092,30 +52585,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51151,71 +52640,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -51226,9 +52660,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51553,292 +52985,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -55993,6 +57139,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -56032,16 +57179,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -56073,9 +57223,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -56083,6 +57237,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -56264,6 +57419,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -56271,6 +57427,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57555,8 +58712,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57771,8 +58929,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58584,6 +59742,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -59000,8 +60159,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66834,7 +67993,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66887,20 +68051,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66953,30 +68125,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -67000,18 +68185,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -68710,34 +69894,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/eks-fargate/output.yaml b/charts/k8s-monitoring-v1/docs/examples/eks-fargate/output.yaml index e2e09bc05c..5f01121356 100644 --- a/charts/k8s-monitoring-v1/docs/examples/eks-fargate/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/eks-fargate/output.yaml @@ -1152,8 +1152,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -11190,8 +11190,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19613,7 +19613,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19666,20 +19671,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19732,30 +19745,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19779,18 +19805,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -19903,8 +19928,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20799,6 +20824,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -21110,8 +21136,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21831,6 +21857,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22284,8 +22311,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -27009,7 +27036,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -27033,6 +27059,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -27045,7 +27078,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28647,6 +28679,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -29136,6 +29181,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -29173,8 +29230,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29543,6 +29601,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32703,7 +32771,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32756,20 +32829,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32822,30 +32903,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -32869,18 +32963,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -33037,8 +33130,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38556,6 +38649,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38568,7 +38668,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -41108,6 +41207,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41597,6 +41709,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41634,8 +41758,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -42004,6 +42129,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45685,7 +45820,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45738,20 +45878,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45804,30 +45952,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -45851,18 +46012,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -46019,8 +46179,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46179,8 +46339,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46279,137 +46439,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46447,9 +46480,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46504,35 +46537,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46541,18 +46586,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -46877,17 +46914,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -46933,46 +46967,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -47133,48 +47148,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47210,13 +47260,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47225,10 +47356,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47553,12 +47692,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47604,11 +47748,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47769,69 +47948,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -47868,109 +48025,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48309,6 +48370,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48355,7 +48419,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48520,21 +48584,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48571,7 +48684,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48630,13 +48743,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48665,9 +48773,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48679,7 +48797,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -49005,12 +49123,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -49057,20 +49170,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49233,58 +49337,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49309,10 +49476,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49321,18 +49491,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49374,46 +50892,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49574,30 +51061,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49634,7 +51214,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49707,7 +51289,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -50032,6 +51614,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -50077,15 +51662,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50247,117 +51836,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50395,8 +51896,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50468,8 +51970,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50794,9 +52296,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -50842,19 +52341,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -51015,30 +52508,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51074,71 +52563,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -51149,9 +52583,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51476,292 +52908,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -55916,6 +57062,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -55955,16 +57102,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -55996,9 +57146,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -56006,6 +57160,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -56187,6 +57342,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -56194,6 +57350,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57478,8 +58635,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57694,8 +58852,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58507,6 +59665,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -58923,8 +60082,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66757,7 +67916,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66810,20 +67974,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66876,30 +68048,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -66923,18 +68108,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -68511,34 +69695,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/environment-variables/output.yaml b/charts/k8s-monitoring-v1/docs/examples/environment-variables/output.yaml index 139dae79f8..82678f41f8 100644 --- a/charts/k8s-monitoring-v1/docs/examples/environment-variables/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/environment-variables/output.yaml @@ -1303,8 +1303,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -11341,8 +11341,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19764,7 +19764,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19817,20 +19822,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19883,30 +19896,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19930,18 +19956,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -20054,8 +20079,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20950,6 +20975,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -21261,8 +21287,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21982,6 +22008,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22435,8 +22462,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -27160,7 +27187,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -27184,6 +27210,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -27196,7 +27229,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28798,6 +28830,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -29287,6 +29332,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -29324,8 +29381,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29694,6 +29752,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32854,7 +32922,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32907,20 +32980,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32973,30 +33054,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -33020,18 +33114,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -33188,8 +33281,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38707,6 +38800,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38719,7 +38819,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -41259,6 +41358,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41748,6 +41860,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41785,8 +41909,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -42155,6 +42280,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45836,7 +45971,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45889,20 +46029,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45955,30 +46103,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -46002,18 +46163,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -46170,8 +46330,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46330,8 +46490,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46430,137 +46590,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46598,9 +46631,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46655,35 +46688,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46692,18 +46737,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -47028,17 +47065,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -47084,46 +47118,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -47284,48 +47299,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47361,13 +47411,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47376,10 +47507,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47704,12 +47843,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47755,11 +47899,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47920,69 +48099,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -48019,109 +48176,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48460,6 +48521,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48506,7 +48570,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48671,21 +48735,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48722,7 +48835,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48781,13 +48894,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48816,9 +48924,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48830,7 +48948,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -49156,12 +49274,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -49208,20 +49321,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49384,58 +49488,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49460,10 +49627,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49472,18 +49642,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49525,46 +51043,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49725,30 +51212,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49785,7 +51365,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49858,7 +51440,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -50183,6 +51765,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -50228,15 +51813,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50398,117 +51987,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50546,8 +52047,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50619,8 +52121,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50945,9 +52447,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -50993,19 +52492,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -51166,30 +52659,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51225,71 +52714,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -51300,9 +52734,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51627,292 +53059,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -56067,6 +57213,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -56106,16 +57253,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -56147,9 +57297,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -56157,6 +57311,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -56338,6 +57493,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -56345,6 +57501,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57629,8 +58786,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57845,8 +59003,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58658,6 +59816,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -59074,8 +60233,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66908,7 +68067,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66961,20 +68125,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -67027,30 +68199,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -67074,18 +68259,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -68787,34 +69971,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/external-secrets/output.yaml b/charts/k8s-monitoring-v1/docs/examples/external-secrets/output.yaml index 512863cc6d..ca3e1d76cc 100644 --- a/charts/k8s-monitoring-v1/docs/examples/external-secrets/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/external-secrets/output.yaml @@ -1203,8 +1203,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -11241,8 +11241,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19664,7 +19664,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19717,20 +19722,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19783,30 +19796,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19830,18 +19856,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -19954,8 +19979,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20850,6 +20875,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -21161,8 +21187,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21882,6 +21908,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22335,8 +22362,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -27060,7 +27087,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -27084,6 +27110,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -27096,7 +27129,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28698,6 +28730,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -29187,6 +29232,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -29224,8 +29281,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29594,6 +29652,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32754,7 +32822,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32807,20 +32880,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32873,30 +32954,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -32920,18 +33014,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -33088,8 +33181,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38607,6 +38700,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38619,7 +38719,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -41159,6 +41258,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41648,6 +41760,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41685,8 +41809,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -42055,6 +42180,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45736,7 +45871,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45789,20 +45929,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45855,30 +46003,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -45902,18 +46063,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -46070,8 +46230,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46230,8 +46390,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46330,137 +46490,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46498,9 +46531,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46555,35 +46588,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46592,18 +46637,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -46928,17 +46965,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -46984,46 +47018,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -47184,48 +47199,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47261,13 +47311,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47276,10 +47407,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47604,12 +47743,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47655,11 +47799,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47820,69 +47999,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -47919,109 +48076,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48360,6 +48421,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48406,7 +48470,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48571,21 +48635,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48622,7 +48735,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48681,13 +48794,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48716,9 +48824,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48730,7 +48848,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -49056,12 +49174,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -49108,20 +49221,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49284,58 +49388,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49360,10 +49527,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49372,18 +49542,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49425,46 +50943,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49625,30 +51112,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49685,7 +51265,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49758,7 +51340,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -50083,6 +51665,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -50128,15 +51713,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50298,117 +51887,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50446,8 +51947,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50519,8 +52021,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50845,9 +52347,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -50893,19 +52392,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -51066,30 +52559,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51125,71 +52614,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -51200,9 +52634,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51527,292 +52959,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -55967,6 +57113,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -56006,16 +57153,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -56047,9 +57197,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -56057,6 +57211,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -56238,6 +57393,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -56245,6 +57401,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57529,8 +58686,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57745,8 +58903,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58558,6 +59716,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -58974,8 +60133,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66808,7 +67967,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66861,20 +68025,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66927,30 +68099,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -66974,18 +68159,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -68684,34 +69868,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/extra-rules/output.yaml b/charts/k8s-monitoring-v1/docs/examples/extra-rules/output.yaml index 803b7b913d..00a8d6608d 100644 --- a/charts/k8s-monitoring-v1/docs/examples/extra-rules/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/extra-rules/output.yaml @@ -1356,8 +1356,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -11394,8 +11394,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19817,7 +19817,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19870,20 +19875,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19936,30 +19949,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19983,18 +20009,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -20107,8 +20132,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21003,6 +21028,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -21314,8 +21340,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -22035,6 +22061,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22488,8 +22515,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -27213,7 +27240,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -27237,6 +27263,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -27249,7 +27282,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28851,6 +28883,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -29340,6 +29385,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -29377,8 +29434,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29747,6 +29805,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32907,7 +32975,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32960,20 +33033,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -33026,30 +33107,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -33073,18 +33167,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -33241,8 +33334,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38760,6 +38853,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38772,7 +38872,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -41312,6 +41411,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41801,6 +41913,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41838,8 +41962,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -42208,6 +42333,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45889,7 +46024,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45942,20 +46082,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -46008,30 +46156,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -46055,18 +46216,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -46223,8 +46383,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46383,8 +46543,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46483,137 +46643,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46651,9 +46684,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46708,35 +46741,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46745,18 +46790,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -47081,17 +47118,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -47137,46 +47171,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -47337,48 +47352,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47414,13 +47464,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47429,10 +47560,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47757,12 +47896,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47808,11 +47952,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47973,69 +48152,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -48072,109 +48229,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48513,6 +48574,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48559,7 +48623,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48724,21 +48788,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48775,7 +48888,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48834,13 +48947,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48869,9 +48977,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48883,7 +49001,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -49209,12 +49327,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -49261,20 +49374,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49437,58 +49541,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49513,10 +49680,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49525,18 +49695,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49578,46 +51096,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49778,30 +51265,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49838,7 +51418,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49911,7 +51493,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -50236,6 +51818,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -50281,15 +51866,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50451,117 +52040,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50599,8 +52100,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50672,8 +52174,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50998,9 +52500,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -51046,19 +52545,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -51219,30 +52712,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51278,71 +52767,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -51353,9 +52787,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51680,292 +53112,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -56120,6 +57266,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -56159,16 +57306,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -56200,9 +57350,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -56210,6 +57364,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -56391,6 +57546,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -56398,6 +57554,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57682,8 +58839,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57898,8 +59056,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58711,6 +59869,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -59127,8 +60286,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66961,7 +68120,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -67014,20 +68178,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -67080,30 +68252,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -67127,18 +68312,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -68837,34 +70021,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/gke-autopilot/output.yaml b/charts/k8s-monitoring-v1/docs/examples/gke-autopilot/output.yaml index 5dde64f3a5..fefd5f9930 100644 --- a/charts/k8s-monitoring-v1/docs/examples/gke-autopilot/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/gke-autopilot/output.yaml @@ -1165,8 +1165,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -11203,8 +11203,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19626,7 +19626,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19679,20 +19684,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19745,30 +19758,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19792,18 +19818,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -19916,8 +19941,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20812,6 +20837,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -21123,8 +21149,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21844,6 +21870,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22297,8 +22324,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -27022,7 +27049,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -27046,6 +27072,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -27058,7 +27091,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28660,6 +28692,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -29149,6 +29194,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -29186,8 +29243,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29556,6 +29614,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32716,7 +32784,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32769,20 +32842,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32835,30 +32916,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -32882,18 +32976,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -33050,8 +33143,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38569,6 +38662,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38581,7 +38681,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -41121,6 +41220,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41610,6 +41722,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41647,8 +41771,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -42017,6 +42142,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45698,7 +45833,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45751,20 +45891,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45817,30 +45965,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -45864,18 +46025,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -46032,8 +46192,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46192,8 +46352,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46292,137 +46452,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46460,9 +46493,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46517,35 +46550,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46554,18 +46599,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -46890,17 +46927,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -46946,46 +46980,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -47146,48 +47161,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47223,13 +47273,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47238,10 +47369,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47566,12 +47705,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47617,11 +47761,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47782,69 +47961,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -47881,109 +48038,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48322,6 +48383,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48368,7 +48432,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48533,21 +48597,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48584,7 +48697,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48643,13 +48756,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48678,9 +48786,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48692,7 +48810,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -49018,12 +49136,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -49070,20 +49183,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49246,58 +49350,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49322,10 +49489,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49334,18 +49504,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49387,46 +50905,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49587,30 +51074,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49647,7 +51227,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49720,7 +51302,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -50045,6 +51627,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -50090,15 +51675,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50260,117 +51849,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50408,8 +51909,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50481,8 +51983,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50807,9 +52309,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -50855,19 +52354,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -51028,30 +52521,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51087,71 +52576,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -51162,9 +52596,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51489,292 +52921,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -55929,6 +57075,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -55968,16 +57115,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -56009,9 +57159,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -56019,6 +57173,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -56200,6 +57355,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -56207,6 +57363,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57491,8 +58648,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57707,8 +58865,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58520,6 +59678,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -58936,8 +60095,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66770,7 +67929,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66823,20 +67987,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66889,30 +68061,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -66936,18 +68121,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -68493,34 +69677,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/ibm-cloud/output.yaml b/charts/k8s-monitoring-v1/docs/examples/ibm-cloud/output.yaml index 13a12752ce..7616feee6b 100644 --- a/charts/k8s-monitoring-v1/docs/examples/ibm-cloud/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/ibm-cloud/output.yaml @@ -1229,8 +1229,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -11267,8 +11267,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19690,7 +19690,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19743,20 +19748,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19809,30 +19822,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19856,18 +19882,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -19980,8 +20005,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20876,6 +20901,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -21187,8 +21213,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21908,6 +21934,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22361,8 +22388,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -27086,7 +27113,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -27110,6 +27136,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -27122,7 +27155,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28724,6 +28756,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -29213,6 +29258,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -29250,8 +29307,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29620,6 +29678,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32780,7 +32848,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32833,20 +32906,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32899,30 +32980,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -32946,18 +33040,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -33114,8 +33207,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38633,6 +38726,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38645,7 +38745,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -41185,6 +41284,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41674,6 +41786,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41711,8 +41835,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -42081,6 +42206,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45762,7 +45897,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45815,20 +45955,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45881,30 +46029,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -45928,18 +46089,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -46096,8 +46256,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46256,8 +46416,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46356,137 +46516,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46524,9 +46557,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46581,35 +46614,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46618,18 +46663,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -46954,17 +46991,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -47010,46 +47044,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -47210,48 +47225,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47287,13 +47337,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47302,10 +47433,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47630,12 +47769,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47681,11 +47825,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47846,69 +48025,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -47945,109 +48102,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48386,6 +48447,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48432,7 +48496,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48597,21 +48661,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48648,7 +48761,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48707,13 +48820,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48742,9 +48850,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48756,7 +48874,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -49082,12 +49200,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -49134,20 +49247,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49310,58 +49414,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49386,10 +49553,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49398,18 +49568,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49451,46 +50969,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49651,30 +51138,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49711,7 +51291,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49784,7 +51366,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -50109,6 +51691,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -50154,15 +51739,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50324,117 +51913,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50472,8 +51973,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50545,8 +52047,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50871,9 +52373,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -50919,19 +52418,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -51092,30 +52585,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51151,71 +52640,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -51226,9 +52660,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51553,292 +52985,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -55993,6 +57139,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -56032,16 +57179,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -56073,9 +57223,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -56083,6 +57237,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -56264,6 +57419,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -56271,6 +57427,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57555,8 +58712,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57771,8 +58929,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58584,6 +59742,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -59000,8 +60159,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66834,7 +67993,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66887,20 +68051,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66953,30 +68125,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -67000,18 +68185,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -68716,34 +69900,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/metric-module-imports-extra-config/output.yaml b/charts/k8s-monitoring-v1/docs/examples/metric-module-imports-extra-config/output.yaml index ae02c47fc2..95d9094019 100644 --- a/charts/k8s-monitoring-v1/docs/examples/metric-module-imports-extra-config/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/metric-module-imports-extra-config/output.yaml @@ -1245,8 +1245,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -11283,8 +11283,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19706,7 +19706,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19759,20 +19764,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19825,30 +19838,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19872,18 +19898,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -19996,8 +20021,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20892,6 +20917,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -21203,8 +21229,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21924,6 +21950,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22377,8 +22404,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -27102,7 +27129,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -27126,6 +27152,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -27138,7 +27171,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28740,6 +28772,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -29229,6 +29274,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -29266,8 +29323,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29636,6 +29694,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32796,7 +32864,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32849,20 +32922,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32915,30 +32996,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -32962,18 +33056,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -33130,8 +33223,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38649,6 +38742,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38661,7 +38761,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -41201,6 +41300,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41690,6 +41802,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41727,8 +41851,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -42097,6 +42222,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45778,7 +45913,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45831,20 +45971,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45897,30 +46045,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -45944,18 +46105,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -46112,8 +46272,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46272,8 +46432,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46372,137 +46532,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46540,9 +46573,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46597,35 +46630,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46634,18 +46679,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -46970,17 +47007,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -47026,46 +47060,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -47226,48 +47241,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47303,13 +47353,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47318,10 +47449,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47646,12 +47785,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47697,11 +47841,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47862,69 +48041,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -47961,109 +48118,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48402,6 +48463,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48448,7 +48512,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48613,21 +48677,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48664,7 +48777,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48723,13 +48836,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48758,9 +48866,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48772,7 +48890,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -49098,12 +49216,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -49150,20 +49263,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49326,58 +49430,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49402,10 +49569,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49414,18 +49584,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49467,46 +50985,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49667,30 +51154,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49727,7 +51307,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49800,7 +51382,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -50125,6 +51707,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -50170,15 +51755,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50340,117 +51929,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50488,8 +51989,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50561,8 +52063,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50887,9 +52389,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -50935,19 +52434,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -51108,30 +52601,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51167,71 +52656,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -51242,9 +52676,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51569,292 +53001,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -56009,6 +57155,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -56048,16 +57195,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -56089,9 +57239,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -56099,6 +57253,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -56280,6 +57435,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -56287,6 +57443,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57571,8 +58728,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57787,8 +58945,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58600,6 +59758,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -59016,8 +60175,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66850,7 +68009,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66903,20 +68067,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66969,30 +68141,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -67016,18 +68201,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -68726,34 +69910,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/metric-module-imports/output.yaml b/charts/k8s-monitoring-v1/docs/examples/metric-module-imports/output.yaml index da4420b011..e3d74eb78a 100644 --- a/charts/k8s-monitoring-v1/docs/examples/metric-module-imports/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/metric-module-imports/output.yaml @@ -1406,8 +1406,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -11444,8 +11444,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19867,7 +19867,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19920,20 +19925,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19986,30 +19999,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -20033,18 +20059,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -20157,8 +20182,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21053,6 +21078,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -21364,8 +21390,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -22085,6 +22111,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22538,8 +22565,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -27263,7 +27290,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -27287,6 +27313,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -27299,7 +27332,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28901,6 +28933,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -29390,6 +29435,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -29427,8 +29484,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29797,6 +29855,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32957,7 +33025,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -33010,20 +33083,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -33076,30 +33157,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -33123,18 +33217,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -33291,8 +33384,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38810,6 +38903,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38822,7 +38922,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -41362,6 +41461,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41851,6 +41963,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41888,8 +42012,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -42258,6 +42383,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45939,7 +46074,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45992,20 +46132,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -46058,30 +46206,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -46105,18 +46266,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -46273,8 +46433,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46433,8 +46593,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46533,137 +46693,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46701,9 +46734,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46758,35 +46791,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46795,18 +46840,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -47131,17 +47168,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -47187,46 +47221,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -47387,48 +47402,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47464,13 +47514,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47479,10 +47610,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47807,12 +47946,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47858,11 +48002,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -48023,69 +48202,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -48122,109 +48279,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48563,6 +48624,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48609,7 +48673,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48774,21 +48838,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48825,7 +48938,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48884,13 +48997,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48919,9 +49027,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48933,7 +49051,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -49259,12 +49377,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -49311,20 +49424,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49487,58 +49591,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49563,10 +49730,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49575,18 +49745,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49628,46 +51146,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49828,30 +51315,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49888,7 +51468,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49961,7 +51543,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -50286,6 +51868,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -50331,15 +51916,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50501,117 +52090,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50649,8 +52150,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50722,8 +52224,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -51048,9 +52550,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -51096,19 +52595,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -51269,30 +52762,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51328,71 +52817,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -51403,9 +52837,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51730,292 +53162,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -56170,6 +57316,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -56209,16 +57356,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -56250,9 +57400,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -56260,6 +57414,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -56441,6 +57596,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -56448,6 +57604,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57732,8 +58889,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57948,8 +59106,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58761,6 +59919,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -59177,8 +60336,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -67011,7 +68170,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -67064,20 +68228,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -67130,30 +68302,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -67177,18 +68362,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -68887,34 +70071,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/metrics-only/output.yaml b/charts/k8s-monitoring-v1/docs/examples/metrics-only/output.yaml index df3ddd8177..1c9be27974 100644 --- a/charts/k8s-monitoring-v1/docs/examples/metrics-only/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/metrics-only/output.yaml @@ -875,8 +875,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -10913,8 +10913,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19336,7 +19336,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19389,20 +19394,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19455,30 +19468,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19502,18 +19528,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -19626,8 +19651,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20522,6 +20547,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -20833,8 +20859,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21554,6 +21580,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22007,8 +22034,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -26732,7 +26759,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -26756,6 +26782,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -26768,7 +26801,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28370,6 +28402,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -28859,6 +28904,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -28896,8 +28953,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29266,6 +29324,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32426,7 +32494,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32479,20 +32552,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32545,30 +32626,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -32592,18 +32686,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -32760,8 +32853,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38279,6 +38372,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38291,7 +38391,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -40831,6 +40930,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41320,6 +41432,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41357,8 +41481,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -41727,6 +41852,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45408,7 +45543,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45461,20 +45601,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45527,30 +45675,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -45574,18 +45735,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -45742,8 +45902,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -45902,8 +46062,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46002,137 +46162,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46170,9 +46203,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46227,35 +46260,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46264,18 +46309,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -46600,17 +46637,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -46656,46 +46690,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -46856,48 +46871,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46933,13 +46983,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46948,10 +47079,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47276,12 +47415,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47327,11 +47471,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47492,69 +47671,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -47591,109 +47748,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48032,6 +48093,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48078,7 +48142,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48243,21 +48307,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48294,7 +48407,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48353,13 +48466,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48388,9 +48496,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48402,7 +48520,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -48728,12 +48846,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -48780,20 +48893,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -48956,58 +49060,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49032,10 +49199,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49044,18 +49214,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49097,46 +50615,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49297,30 +50784,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49357,7 +50937,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49430,7 +51012,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -49755,6 +51337,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -49800,15 +51385,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -49970,117 +51559,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50118,8 +51619,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50191,8 +51693,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50517,9 +52019,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -50565,19 +52064,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -50738,30 +52231,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50797,71 +52286,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -50872,9 +52306,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51199,292 +52631,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -55639,6 +56785,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -55678,16 +56825,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -55719,9 +56869,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -55729,6 +56883,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -55910,6 +57065,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -55917,6 +57073,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57201,8 +58358,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57417,8 +58575,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58230,6 +59388,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -58646,8 +59805,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66480,7 +67639,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66533,20 +67697,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66599,30 +67771,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -66646,18 +67831,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -67883,34 +69067,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/openshift-compatible/output.yaml b/charts/k8s-monitoring-v1/docs/examples/openshift-compatible/output.yaml index dcbbcb8f98..670e88a733 100644 --- a/charts/k8s-monitoring-v1/docs/examples/openshift-compatible/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/openshift-compatible/output.yaml @@ -1200,8 +1200,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -11238,8 +11238,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19661,7 +19661,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19714,20 +19719,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19780,30 +19793,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19827,18 +19853,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -19951,8 +19976,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20847,6 +20872,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -21158,8 +21184,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21879,6 +21905,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22332,8 +22359,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -27057,7 +27084,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -27081,6 +27107,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -27093,7 +27126,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28695,6 +28727,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -29184,6 +29229,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -29221,8 +29278,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29591,6 +29649,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32751,7 +32819,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32804,20 +32877,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32870,30 +32951,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -32917,18 +33011,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -33085,8 +33178,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38604,6 +38697,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38616,7 +38716,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -41156,6 +41255,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41645,6 +41757,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41682,8 +41806,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -42052,6 +42177,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45733,7 +45868,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45786,20 +45926,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45852,30 +46000,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -45899,18 +46060,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -46067,8 +46227,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46227,8 +46387,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46327,137 +46487,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46495,9 +46528,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46552,35 +46585,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46589,18 +46634,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -46925,17 +46962,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -46981,46 +47015,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -47181,48 +47196,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47258,13 +47308,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47273,10 +47404,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47601,12 +47740,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47652,11 +47796,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47817,69 +47996,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -47916,109 +48073,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48357,6 +48418,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48403,7 +48467,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48568,21 +48632,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48619,7 +48732,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48678,13 +48791,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48713,9 +48821,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48727,7 +48845,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -49053,12 +49171,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -49105,20 +49218,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49281,58 +49385,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49357,10 +49524,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49369,18 +49539,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49422,46 +50940,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49622,30 +51109,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49682,7 +51262,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49755,7 +51337,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -50080,6 +51662,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -50125,15 +51710,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50295,117 +51884,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50443,8 +51944,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50516,8 +52018,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50842,9 +52344,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -50890,19 +52389,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -51063,30 +52556,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51122,71 +52611,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -51197,9 +52631,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51524,292 +52956,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -55964,6 +57110,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -56003,16 +57150,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -56044,9 +57194,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -56054,6 +57208,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -56235,6 +57390,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -56242,6 +57398,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57526,8 +58683,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57742,8 +58900,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58555,6 +59713,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -58971,8 +60130,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66805,7 +67964,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66858,20 +68022,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66924,30 +68096,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -66971,18 +68156,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -68382,34 +69566,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/platform_specific/openshift/alloy-scc.yaml apiVersion: security.openshift.io/v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/otel-metrics-service/output.yaml b/charts/k8s-monitoring-v1/docs/examples/otel-metrics-service/output.yaml index 5010d7ad22..93bfd25e1f 100644 --- a/charts/k8s-monitoring-v1/docs/examples/otel-metrics-service/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/otel-metrics-service/output.yaml @@ -1246,8 +1246,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -11284,8 +11284,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19707,7 +19707,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19760,20 +19765,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19826,30 +19839,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19873,18 +19899,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -19997,8 +20022,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20893,6 +20918,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -21204,8 +21230,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21925,6 +21951,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22378,8 +22405,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -27103,7 +27130,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -27127,6 +27153,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -27139,7 +27172,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28741,6 +28773,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -29230,6 +29275,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -29267,8 +29324,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29637,6 +29695,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32797,7 +32865,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32850,20 +32923,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32916,30 +32997,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -32963,18 +33057,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -33131,8 +33224,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38650,6 +38743,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38662,7 +38762,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -41202,6 +41301,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41691,6 +41803,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41728,8 +41852,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -42098,6 +42223,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45779,7 +45914,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45832,20 +45972,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45898,30 +46046,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -45945,18 +46106,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -46113,8 +46273,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46273,8 +46433,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46373,137 +46533,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46541,9 +46574,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46598,35 +46631,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46635,18 +46680,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -46971,17 +47008,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -47027,46 +47061,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -47227,48 +47242,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47304,13 +47354,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47319,10 +47450,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47647,12 +47786,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47698,11 +47842,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47863,69 +48042,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -47962,109 +48119,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48403,6 +48464,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48449,7 +48513,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48614,21 +48678,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48665,7 +48778,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48724,13 +48837,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48759,9 +48867,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48773,7 +48891,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -49099,12 +49217,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -49151,20 +49264,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49327,58 +49431,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49403,10 +49570,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49415,18 +49585,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49468,46 +50986,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49668,30 +51155,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49728,7 +51308,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49801,7 +51383,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -50126,6 +51708,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -50171,15 +51756,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50341,117 +51930,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50489,8 +51990,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50562,8 +52064,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50888,9 +52390,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -50936,19 +52435,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -51109,30 +52602,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51168,71 +52657,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -51243,9 +52677,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51570,292 +53002,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -56010,6 +57156,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -56049,16 +57196,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -56090,9 +57240,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -56100,6 +57254,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -56281,6 +57436,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -56288,6 +57444,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57572,8 +58729,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57788,8 +58946,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58601,6 +59759,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -59017,8 +60176,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66851,7 +68010,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66904,20 +68068,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66970,30 +68142,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -67017,18 +68202,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -68727,34 +69911,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/pod-labels/output.yaml b/charts/k8s-monitoring-v1/docs/examples/pod-labels/output.yaml index 8e4a6212aa..7e48d462dd 100644 --- a/charts/k8s-monitoring-v1/docs/examples/pod-labels/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/pod-labels/output.yaml @@ -1316,8 +1316,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -11354,8 +11354,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19777,7 +19777,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19830,20 +19835,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19896,30 +19909,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19943,18 +19969,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -20067,8 +20092,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20963,6 +20988,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -21274,8 +21300,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21995,6 +22021,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22448,8 +22475,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -27173,7 +27200,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -27197,6 +27223,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -27209,7 +27242,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28811,6 +28843,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -29300,6 +29345,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -29337,8 +29394,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29707,6 +29765,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32867,7 +32935,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32920,20 +32993,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32986,30 +33067,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -33033,18 +33127,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -33201,8 +33294,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38720,6 +38813,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38732,7 +38832,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -41272,6 +41371,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41761,6 +41873,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41798,8 +41922,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -42168,6 +42293,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45849,7 +45984,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45902,20 +46042,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45968,30 +46116,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -46015,18 +46176,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -46183,8 +46343,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46343,8 +46503,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46443,137 +46603,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46611,9 +46644,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46668,35 +46701,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46705,18 +46750,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -47041,17 +47078,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -47097,46 +47131,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -47297,48 +47312,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47374,13 +47424,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47389,10 +47520,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47717,12 +47856,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47768,11 +47912,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47933,69 +48112,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -48032,109 +48189,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48473,6 +48534,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48519,7 +48583,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48684,21 +48748,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48735,7 +48848,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48794,13 +48907,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48829,9 +48937,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48843,7 +48961,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -49169,12 +49287,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -49221,20 +49334,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49397,58 +49501,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49473,10 +49640,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49485,18 +49655,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49538,46 +51056,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49738,30 +51225,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49798,7 +51378,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49871,7 +51453,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -50196,6 +51778,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -50241,15 +51826,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50411,117 +52000,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50559,8 +52060,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50632,8 +52134,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50958,9 +52460,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -51006,19 +52505,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -51179,30 +52672,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51238,71 +52727,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -51313,9 +52747,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51640,292 +53072,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -56080,6 +57226,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -56119,16 +57266,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -56160,9 +57310,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -56170,6 +57324,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -56351,6 +57506,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -56358,6 +57514,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57642,8 +58799,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57858,8 +59016,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58671,6 +59829,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -59087,8 +60246,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66921,7 +68080,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66974,20 +68138,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -67040,30 +68212,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -67087,18 +68272,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -68797,34 +69981,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/private-image-registry/output.yaml b/charts/k8s-monitoring-v1/docs/examples/private-image-registry/output.yaml index da17c7e7d3..c067252768 100644 --- a/charts/k8s-monitoring-v1/docs/examples/private-image-registry/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/private-image-registry/output.yaml @@ -1233,8 +1233,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -11271,8 +11271,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19694,7 +19694,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19747,20 +19752,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19813,30 +19826,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19860,18 +19886,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -19984,8 +20009,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20880,6 +20905,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -21191,8 +21217,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21912,6 +21938,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22365,8 +22392,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -27090,7 +27117,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -27114,6 +27140,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -27126,7 +27159,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28728,6 +28760,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -29217,6 +29262,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -29254,8 +29311,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29624,6 +29682,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32784,7 +32852,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32837,20 +32910,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32903,30 +32984,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -32950,18 +33044,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -33118,8 +33211,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38637,6 +38730,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38649,7 +38749,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -41189,6 +41288,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41678,6 +41790,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41715,8 +41839,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -42085,6 +42210,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45766,7 +45901,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45819,20 +45959,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45885,30 +46033,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -45932,18 +46093,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -46100,8 +46260,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46260,8 +46420,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46360,137 +46520,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46528,9 +46561,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46585,35 +46618,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46622,18 +46667,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -46958,17 +46995,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -47014,46 +47048,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -47214,48 +47229,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47291,13 +47341,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47306,10 +47437,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47634,12 +47773,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47685,11 +47829,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47850,69 +48029,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -47949,109 +48106,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48390,6 +48451,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48436,7 +48500,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48601,21 +48665,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48652,7 +48765,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48711,13 +48824,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48746,9 +48854,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48760,7 +48878,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -49086,12 +49204,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -49138,20 +49251,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49314,58 +49418,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49390,10 +49557,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49402,18 +49572,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49455,46 +50973,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49655,30 +51142,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49715,7 +51295,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49788,7 +51370,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -50113,6 +51695,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -50158,15 +51743,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50328,117 +51917,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50476,8 +51977,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50549,8 +52051,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50875,9 +52377,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -50923,19 +52422,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -51096,30 +52589,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51155,71 +52644,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -51230,9 +52664,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51557,292 +52989,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -55997,6 +57143,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -56036,16 +57183,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -56077,9 +57227,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -56087,6 +57241,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -56268,6 +57423,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -56275,6 +57431,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57559,8 +58716,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57775,8 +58933,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58588,6 +59746,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -59004,8 +60163,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66838,7 +67997,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66891,20 +68055,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66957,30 +68129,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -67004,18 +68189,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -68726,34 +69910,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/profiles-enabled/output.yaml b/charts/k8s-monitoring-v1/docs/examples/profiles-enabled/output.yaml index 1c8dd39c08..b675db6b3d 100644 --- a/charts/k8s-monitoring-v1/docs/examples/profiles-enabled/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/profiles-enabled/output.yaml @@ -2190,8 +2190,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -12228,8 +12228,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20651,7 +20651,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -20704,20 +20709,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -20770,30 +20783,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -20817,18 +20843,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -20941,8 +20966,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21837,6 +21862,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -22148,8 +22174,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -22869,6 +22895,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -23322,8 +23349,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -28047,7 +28074,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -28071,6 +28097,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -28083,7 +28116,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -29685,6 +29717,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -30174,6 +30219,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -30211,8 +30268,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -30581,6 +30639,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -33741,7 +33809,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -33794,20 +33867,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -33860,30 +33941,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -33907,18 +34001,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -34075,8 +34168,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -39594,6 +39687,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -39606,7 +39706,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -42146,6 +42245,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -42635,6 +42747,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -42672,8 +42796,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -43042,6 +43167,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -46723,7 +46858,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -46776,20 +46916,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -46842,30 +46990,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -46889,18 +47050,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -47057,8 +47217,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -47217,8 +47377,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -47317,137 +47477,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47485,9 +47518,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -47542,35 +47575,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47579,18 +47624,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -47915,17 +47952,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -47971,46 +48005,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -48171,48 +48186,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48248,13 +48298,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48263,10 +48394,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -48591,12 +48730,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -48642,11 +48786,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -48807,69 +48986,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -48906,109 +49063,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49347,6 +49408,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -49393,7 +49457,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -49558,21 +49622,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49609,7 +49722,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -49668,13 +49781,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49703,9 +49811,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49717,7 +49835,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -50043,12 +50161,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -50095,20 +50208,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -50271,58 +50375,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -50347,10 +50514,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -50359,18 +50529,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -50412,46 +51930,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -50612,30 +52099,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50672,7 +52252,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -50745,7 +52327,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -51070,6 +52652,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -51115,15 +52700,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -51285,117 +52874,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51433,8 +52934,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -51506,8 +53008,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -51832,9 +53334,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -51880,19 +53379,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -52053,30 +53546,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -52112,71 +53601,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -52187,9 +53621,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -52514,292 +53946,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -56954,6 +58100,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -56993,16 +58140,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -57034,9 +58184,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -57044,6 +58198,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -57225,6 +58380,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -57232,6 +58388,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -58516,8 +59673,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -58732,8 +59890,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -59545,6 +60703,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -59961,8 +61120,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -67795,7 +68954,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -67848,20 +69012,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -67914,30 +69086,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -67961,18 +69146,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -69908,34 +71092,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/proxies/output.yaml b/charts/k8s-monitoring-v1/docs/examples/proxies/output.yaml index 344201d129..6c4714e646 100644 --- a/charts/k8s-monitoring-v1/docs/examples/proxies/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/proxies/output.yaml @@ -1245,8 +1245,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -11283,8 +11283,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19706,7 +19706,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19759,20 +19764,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19825,30 +19838,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19872,18 +19898,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -19996,8 +20021,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20892,6 +20917,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -21203,8 +21229,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21924,6 +21950,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22377,8 +22404,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -27102,7 +27129,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -27126,6 +27152,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -27138,7 +27171,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28740,6 +28772,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -29229,6 +29274,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -29266,8 +29323,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29636,6 +29694,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32796,7 +32864,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32849,20 +32922,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32915,30 +32996,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -32962,18 +33056,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -33130,8 +33223,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38649,6 +38742,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38661,7 +38761,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -41201,6 +41300,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41690,6 +41802,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41727,8 +41851,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -42097,6 +42222,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45778,7 +45913,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45831,20 +45971,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45897,30 +46045,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -45944,18 +46105,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -46112,8 +46272,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46272,8 +46432,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46372,137 +46532,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46540,9 +46573,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46597,35 +46630,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46634,18 +46679,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -46970,17 +47007,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -47026,46 +47060,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -47226,48 +47241,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47303,13 +47353,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47318,10 +47449,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47646,12 +47785,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47697,11 +47841,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47862,69 +48041,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -47961,109 +48118,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48402,6 +48463,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48448,7 +48512,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48613,21 +48677,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48664,7 +48777,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48723,13 +48836,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48758,9 +48866,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48772,7 +48890,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -49098,12 +49216,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -49150,20 +49263,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49326,58 +49430,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49402,10 +49569,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49414,18 +49584,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49467,46 +50985,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49667,30 +51154,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49727,7 +51307,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49800,7 +51382,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -50125,6 +51707,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -50170,15 +51755,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50340,117 +51929,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50488,8 +51989,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50561,8 +52063,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50887,9 +52389,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -50935,19 +52434,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -51108,30 +52601,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51167,71 +52656,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -51242,9 +52676,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51569,292 +53001,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -56009,6 +57155,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -56048,16 +57195,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -56089,9 +57239,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -56099,6 +57253,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -56280,6 +57435,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -56287,6 +57443,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57571,8 +58728,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57787,8 +58945,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58600,6 +59758,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -59016,8 +60175,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66850,7 +68009,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66903,20 +68067,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66969,30 +68141,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -67016,18 +68201,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -68726,34 +69910,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/scrape-intervals/output.yaml b/charts/k8s-monitoring-v1/docs/examples/scrape-intervals/output.yaml index 3ec1aa45c9..081050befd 100644 --- a/charts/k8s-monitoring-v1/docs/examples/scrape-intervals/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/scrape-intervals/output.yaml @@ -874,8 +874,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -10912,8 +10912,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19335,7 +19335,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19388,20 +19393,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19454,30 +19467,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19501,18 +19527,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -19625,8 +19650,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20521,6 +20546,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -20832,8 +20858,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21553,6 +21579,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22006,8 +22033,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -26731,7 +26758,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -26755,6 +26781,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -26767,7 +26800,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28369,6 +28401,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -28858,6 +28903,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -28895,8 +28952,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29265,6 +29323,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32425,7 +32493,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32478,20 +32551,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32544,30 +32625,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -32591,18 +32685,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -32759,8 +32852,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38278,6 +38371,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38290,7 +38390,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -40830,6 +40929,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41319,6 +41431,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41356,8 +41480,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -41726,6 +41851,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45407,7 +45542,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45460,20 +45600,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45526,30 +45674,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -45573,18 +45734,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -45741,8 +45901,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -45901,8 +46061,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46001,137 +46161,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46169,9 +46202,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46226,35 +46259,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46263,18 +46308,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -46599,17 +46636,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -46655,46 +46689,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -46855,48 +46870,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46932,13 +46982,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46947,10 +47078,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47275,12 +47414,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47326,11 +47470,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47491,69 +47670,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -47590,109 +47747,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48031,6 +48092,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48077,7 +48141,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48242,21 +48306,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48293,7 +48406,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48352,13 +48465,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48387,9 +48495,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48401,7 +48519,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -48727,12 +48845,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -48779,20 +48892,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -48955,58 +49059,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49031,10 +49198,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49043,18 +49213,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49096,46 +50614,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49296,30 +50783,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49356,7 +50936,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49429,7 +51011,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -49754,6 +51336,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -49799,15 +51384,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -49969,117 +51558,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50117,8 +51618,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50190,8 +51692,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50516,9 +52018,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -50564,19 +52063,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -50737,30 +52230,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50796,71 +52285,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -50871,9 +52305,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51198,292 +52630,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -55638,6 +56784,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -55677,16 +56824,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -55718,9 +56868,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -55728,6 +56882,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -55909,6 +57064,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -55916,6 +57072,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57200,8 +58357,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57416,8 +58574,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58229,6 +59387,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -58645,8 +59804,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66479,7 +67638,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66532,20 +67696,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66598,30 +67770,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -66645,18 +67830,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -67882,34 +69066,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/service-integrations/output.yaml b/charts/k8s-monitoring-v1/docs/examples/service-integrations/output.yaml index c8e965ecd1..71b4206bbc 100644 --- a/charts/k8s-monitoring-v1/docs/examples/service-integrations/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/service-integrations/output.yaml @@ -1264,8 +1264,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -11302,8 +11302,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19725,7 +19725,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19778,20 +19783,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19844,30 +19857,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19891,18 +19917,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -20015,8 +20040,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20911,6 +20936,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -21222,8 +21248,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21943,6 +21969,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22396,8 +22423,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -27121,7 +27148,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -27145,6 +27171,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -27157,7 +27190,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28759,6 +28791,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -29248,6 +29293,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -29285,8 +29342,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29655,6 +29713,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32815,7 +32883,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32868,20 +32941,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32934,30 +33015,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -32981,18 +33075,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -33149,8 +33242,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38668,6 +38761,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38680,7 +38780,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -41220,6 +41319,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41709,6 +41821,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41746,8 +41870,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -42116,6 +42241,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45797,7 +45932,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45850,20 +45990,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45916,30 +46064,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -45963,18 +46124,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -46131,8 +46291,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46291,8 +46451,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46391,137 +46551,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46559,9 +46592,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46616,35 +46649,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46653,18 +46698,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -46989,17 +47026,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -47045,46 +47079,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -47245,48 +47260,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47322,13 +47372,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47337,10 +47468,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47665,12 +47804,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47716,11 +47860,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47881,69 +48060,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -47980,109 +48137,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48421,6 +48482,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48467,7 +48531,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48632,21 +48696,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48683,7 +48796,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48742,13 +48855,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48777,9 +48885,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48791,7 +48909,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -49117,12 +49235,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -49169,20 +49282,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49345,58 +49449,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49421,10 +49588,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49433,18 +49603,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49486,46 +51004,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49686,30 +51173,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49746,7 +51326,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49819,7 +51401,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -50144,6 +51726,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -50189,15 +51774,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50359,117 +51948,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50507,8 +52008,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50580,8 +52082,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50906,9 +52408,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -50954,19 +52453,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -51127,30 +52620,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51186,71 +52675,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -51261,9 +52695,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51588,292 +53020,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -56028,6 +57174,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -56067,16 +57214,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -56108,9 +57258,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -56118,6 +57272,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -56299,6 +57454,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -56306,6 +57462,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57590,8 +58747,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57806,8 +58964,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58619,6 +59777,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -59035,8 +60194,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66869,7 +68028,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66922,20 +68086,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66988,30 +68160,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -67035,18 +68220,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -68745,34 +69929,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/sigv4-auth/output.yaml b/charts/k8s-monitoring-v1/docs/examples/sigv4-auth/output.yaml index c5161d4755..b73f574e77 100644 --- a/charts/k8s-monitoring-v1/docs/examples/sigv4-auth/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/sigv4-auth/output.yaml @@ -1228,8 +1228,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -11266,8 +11266,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19689,7 +19689,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19742,20 +19747,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19808,30 +19821,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19855,18 +19881,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -19979,8 +20004,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20875,6 +20900,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -21186,8 +21212,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21907,6 +21933,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22360,8 +22387,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -27085,7 +27112,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -27109,6 +27135,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -27121,7 +27154,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28723,6 +28755,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -29212,6 +29257,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -29249,8 +29306,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29619,6 +29677,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32779,7 +32847,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32832,20 +32905,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32898,30 +32979,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -32945,18 +33039,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -33113,8 +33206,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38632,6 +38725,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38644,7 +38744,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -41184,6 +41283,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41673,6 +41785,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41710,8 +41834,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -42080,6 +42205,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45761,7 +45896,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45814,20 +45954,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45880,30 +46028,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -45927,18 +46088,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -46095,8 +46255,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46255,8 +46415,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46355,137 +46515,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46523,9 +46556,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46580,35 +46613,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46617,18 +46662,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -46953,17 +46990,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -47009,46 +47043,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -47209,48 +47224,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47286,13 +47336,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47301,10 +47432,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47629,12 +47768,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47680,11 +47824,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47845,69 +48024,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -47944,109 +48101,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48385,6 +48446,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48431,7 +48495,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48596,21 +48660,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48647,7 +48760,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48706,13 +48819,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48741,9 +48849,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48755,7 +48873,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -49081,12 +49199,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -49133,20 +49246,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49309,58 +49413,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49385,10 +49552,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49397,18 +49567,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49450,46 +50968,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49650,30 +51137,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49710,7 +51290,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49783,7 +51365,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -50108,6 +51690,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -50153,15 +51738,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50323,117 +51912,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50471,8 +51972,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50544,8 +52046,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50870,9 +52372,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -50918,19 +52417,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -51091,30 +52584,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51150,71 +52639,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -51225,9 +52659,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51552,292 +52984,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -55992,6 +57138,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -56031,16 +57178,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -56072,9 +57222,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -56082,6 +57236,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -56263,6 +57418,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -56270,6 +57426,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57554,8 +58711,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57770,8 +58928,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58583,6 +59741,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -58999,8 +60158,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66833,7 +67992,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66886,20 +68050,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66952,30 +68124,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -66999,18 +68184,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -68709,34 +69893,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/specific-namespace/output.yaml b/charts/k8s-monitoring-v1/docs/examples/specific-namespace/output.yaml index d08e1e405c..45464332f8 100644 --- a/charts/k8s-monitoring-v1/docs/examples/specific-namespace/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/specific-namespace/output.yaml @@ -1313,8 +1313,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -11351,8 +11351,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19774,7 +19774,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19827,20 +19832,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19893,30 +19906,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19940,18 +19966,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -20064,8 +20089,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20960,6 +20985,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -21271,8 +21297,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21992,6 +22018,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22445,8 +22472,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -27170,7 +27197,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -27194,6 +27220,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -27206,7 +27239,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28808,6 +28840,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -29297,6 +29342,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -29334,8 +29391,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29704,6 +29762,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32864,7 +32932,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32917,20 +32990,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32983,30 +33064,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -33030,18 +33124,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -33198,8 +33291,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38717,6 +38810,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38729,7 +38829,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -41269,6 +41368,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41758,6 +41870,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41795,8 +41919,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -42165,6 +42290,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45846,7 +45981,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45899,20 +46039,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45965,30 +46113,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -46012,18 +46173,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -46180,8 +46340,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46340,8 +46500,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46440,137 +46600,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46608,9 +46641,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46665,35 +46698,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46702,18 +46747,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -47038,17 +47075,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -47094,46 +47128,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -47294,48 +47309,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47371,13 +47421,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47386,10 +47517,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47714,12 +47853,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47765,11 +47909,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47930,69 +48109,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -48029,109 +48186,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48470,6 +48531,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48516,7 +48580,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48681,21 +48745,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48732,7 +48845,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48791,13 +48904,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48826,9 +48934,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48840,7 +48958,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -49166,12 +49284,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -49218,20 +49331,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49394,58 +49498,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49470,10 +49637,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49482,18 +49652,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49535,46 +51053,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49735,30 +51222,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49795,7 +51375,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49868,7 +51450,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -50193,6 +51775,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -50238,15 +51823,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50408,117 +51997,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50556,8 +52057,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50629,8 +52131,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50955,9 +52457,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -51003,19 +52502,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -51176,30 +52669,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51235,71 +52724,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -51310,9 +52744,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51637,292 +53069,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -56077,6 +57223,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -56116,16 +57263,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -56157,9 +57307,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -56167,6 +57321,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -56348,6 +57503,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -56355,6 +57511,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57639,8 +58796,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57855,8 +59013,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58668,6 +59826,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -59084,8 +60243,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66918,7 +68077,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66971,20 +68135,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -67037,30 +68209,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -67084,18 +68269,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -68794,34 +69978,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/traces-enabled/output.yaml b/charts/k8s-monitoring-v1/docs/examples/traces-enabled/output.yaml index fb2e527d9e..1988b16039 100644 --- a/charts/k8s-monitoring-v1/docs/examples/traces-enabled/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/traces-enabled/output.yaml @@ -1353,8 +1353,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -11391,8 +11391,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19814,7 +19814,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19867,20 +19872,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19933,30 +19946,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19980,18 +20006,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -20104,8 +20129,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21000,6 +21025,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -21311,8 +21337,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -22032,6 +22058,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22485,8 +22512,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -27210,7 +27237,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -27234,6 +27260,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -27246,7 +27279,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28848,6 +28880,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -29337,6 +29382,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -29374,8 +29431,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29744,6 +29802,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32904,7 +32972,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32957,20 +33030,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -33023,30 +33104,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -33070,18 +33164,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -33238,8 +33331,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38757,6 +38850,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38769,7 +38869,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -41309,6 +41408,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41798,6 +41910,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41835,8 +41959,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -42205,6 +42330,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45886,7 +46021,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45939,20 +46079,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -46005,30 +46153,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -46052,18 +46213,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -46220,8 +46380,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46380,8 +46540,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46480,137 +46640,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46648,9 +46681,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46705,35 +46738,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46742,18 +46787,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -47078,17 +47115,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -47134,46 +47168,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -47334,48 +47349,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47411,13 +47461,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47426,10 +47557,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47754,12 +47893,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47805,11 +47949,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47970,69 +48149,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -48069,109 +48226,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48510,6 +48571,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48556,7 +48620,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48721,21 +48785,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48772,7 +48885,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48831,13 +48944,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48866,9 +48974,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48880,7 +48998,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -49206,12 +49324,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -49258,20 +49371,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49434,58 +49538,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49510,10 +49677,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49522,18 +49692,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49575,46 +51093,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49775,30 +51262,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49835,7 +51415,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49908,7 +51490,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -50233,6 +51815,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -50278,15 +51863,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50448,117 +52037,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50596,8 +52097,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50669,8 +52171,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50995,9 +52497,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -51043,19 +52542,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -51216,30 +52709,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51275,71 +52764,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -51350,9 +52784,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51677,292 +53109,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -56117,6 +57263,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -56156,16 +57303,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -56197,9 +57347,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -56207,6 +57361,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -56388,6 +57543,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -56395,6 +57551,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57679,8 +58836,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57895,8 +59053,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58708,6 +59866,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -59124,8 +60283,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66958,7 +68117,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -67011,20 +68175,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -67077,30 +68249,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -67124,18 +68309,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -68834,34 +70018,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/windows-exporter/output.yaml b/charts/k8s-monitoring-v1/docs/examples/windows-exporter/output.yaml index ff7662fc16..d67cedb8cd 100644 --- a/charts/k8s-monitoring-v1/docs/examples/windows-exporter/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/windows-exporter/output.yaml @@ -1337,8 +1337,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -11375,8 +11375,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19798,7 +19798,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19851,20 +19856,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19917,30 +19930,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19964,18 +19990,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -20088,8 +20113,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20984,6 +21009,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -21295,8 +21321,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -22016,6 +22042,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22469,8 +22496,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -27194,7 +27221,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -27218,6 +27244,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -27230,7 +27263,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28832,6 +28864,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -29321,6 +29366,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -29358,8 +29415,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29728,6 +29786,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32888,7 +32956,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32941,20 +33014,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -33007,30 +33088,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -33054,18 +33148,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -33222,8 +33315,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38741,6 +38834,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38753,7 +38853,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -41293,6 +41392,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41782,6 +41894,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41819,8 +41943,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -42189,6 +42314,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45870,7 +46005,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45923,20 +46063,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45989,30 +46137,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -46036,18 +46197,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -46204,8 +46364,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46364,8 +46524,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46464,137 +46624,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46632,9 +46665,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46689,35 +46722,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46726,18 +46771,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -47062,17 +47099,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -47118,46 +47152,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -47318,48 +47333,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47395,13 +47445,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47410,10 +47541,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47738,12 +47877,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47789,11 +47933,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47954,69 +48133,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -48053,109 +48210,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48494,6 +48555,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48540,7 +48604,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48705,21 +48769,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48756,7 +48869,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48815,13 +48928,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48850,9 +48958,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48864,7 +48982,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -49190,12 +49308,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -49242,20 +49355,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49418,58 +49522,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49494,10 +49661,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49506,18 +49676,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49559,46 +51077,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49759,30 +51246,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49819,7 +51399,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49892,7 +51474,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -50217,6 +51799,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -50262,15 +51847,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50432,117 +52021,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50580,8 +52081,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50653,8 +52155,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50979,9 +52481,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -51027,19 +52526,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -51200,30 +52693,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51259,71 +52748,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -51334,9 +52768,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51661,292 +53093,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -56101,6 +57247,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -56140,16 +57287,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -56181,9 +57331,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -56191,6 +57345,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -56372,6 +57527,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -56379,6 +57535,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57663,8 +58820,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57879,8 +59037,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58692,6 +59850,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -59108,8 +60267,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66942,7 +68101,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66995,20 +68159,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -67061,30 +68233,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -67108,18 +68293,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -68946,34 +70130,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1