From 7d2bc6dad3aef1e6d0bacfc6e02a7a5f66f57026 Mon Sep 17 00:00:00 2001 From: gitea-bot Date: Mon, 11 May 2026 15:00:25 +0000 Subject: [PATCH] chore: Update manifests after change --- ...tmanagerconfigs.monitoring.coreos.com.yaml | 29 +++- ...n-alertmanagers.monitoring.coreos.com.yaml | 33 ++++- ...ion-podmonitors.monitoring.coreos.com.yaml | 4 +- ...finition-probes.monitoring.coreos.com.yaml | 4 +- ...rometheusagents.monitoring.coreos.com.yaml | 71 +++++++++- ...on-prometheuses.monitoring.coreos.com.yaml | 125 ++++++++++++++++-- ...prometheusrules.monitoring.coreos.com.yaml | 4 +- ...n-scrapeconfigs.monitoring.coreos.com.yaml | 27 +++- ...servicemonitors.monitoring.coreos.com.yaml | 4 +- ...on-thanosrulers.monitoring.coreos.com.yaml | 47 ++++++- 10 files changed, 317 insertions(+), 31 deletions(-) diff --git a/clusters/cl01tl/manifests/kube-prometheus-stack/CustomResourceDefinition-alertmanagerconfigs.monitoring.coreos.com.yaml b/clusters/cl01tl/manifests/kube-prometheus-stack/CustomResourceDefinition-alertmanagerconfigs.monitoring.coreos.com.yaml index e5121a82a..7bced0046 100644 --- a/clusters/cl01tl/manifests/kube-prometheus-stack/CustomResourceDefinition-alertmanagerconfigs.monitoring.coreos.com.yaml +++ b/clusters/cl01tl/manifests/kube-prometheus-stack/CustomResourceDefinition-alertmanagerconfigs.monitoring.coreos.com.yaml @@ -2,8 +2,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 - operator.prometheus.io/version: 0.90.1 + controller-gen.kubebuilder.io/version: v0.20.1 + operator.prometheus.io/version: 0.91.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -1066,6 +1066,22 @@ spec: This provides a fallback for email clients that don't support HTML. minLength: 1 type: string + threading: + description: |- + threading defines the threading configuration for email receiver. + It requires Alertmanager >= v0.30.0. + properties: + threadByDate: + description: |- + threadByDate defines what granularity of current date to thread by. Accepted values: Daily, None. + (None means group by alert group key, no date). + enum: + - Daily + - None + type: string + required: + - threadByDate + type: object tlsConfig: description: |- tlsConfig defines the TLS configuration for SMTP connections. @@ -7417,6 +7433,12 @@ spec: - key type: object x-kubernetes-map-type: atomic + externalId: + description: |- + externalId defines the external ID used when assuming an AWS role. Can only be used with roleArn. + It requires Prometheus >= v3.11.0 or Alertmanager >= v0.33.0. Currently not supported by Thanos. + minLength: 1 + type: string profile: description: profile defines the named AWS profile used to authenticate. type: string @@ -7456,6 +7478,9 @@ spec: It requires Prometheus >= v2.54.0. type: boolean type: object + x-kubernetes-validations: + - message: externalId can only be used when roleArn is specified + rule: '!has(self.externalId) || has(self.roleArn)' subject: description: |- subject defines the subject line when the message is delivered to email endpoints. diff --git a/clusters/cl01tl/manifests/kube-prometheus-stack/CustomResourceDefinition-alertmanagers.monitoring.coreos.com.yaml b/clusters/cl01tl/manifests/kube-prometheus-stack/CustomResourceDefinition-alertmanagers.monitoring.coreos.com.yaml index 9b8503098..27236c819 100644 --- a/clusters/cl01tl/manifests/kube-prometheus-stack/CustomResourceDefinition-alertmanagers.monitoring.coreos.com.yaml +++ b/clusters/cl01tl/manifests/kube-prometheus-stack/CustomResourceDefinition-alertmanagers.monitoring.coreos.com.yaml @@ -2,8 +2,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 - operator.prometheus.io/version: 0.90.1 + controller-gen.kubebuilder.io/version: v0.20.1 + operator.prometheus.io/version: 0.91.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -1749,6 +1749,35 @@ spec: pattern: ^(http|https)://.+$ type: string type: object + mattermost: + description: mattermost defines the default Mattermost Config + properties: + webhookURL: + description: |- + webhookURL defines the default Mattermost Webhook URL. + + It requires Alertmanager >= v0.32.0. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object opsGenieApiKey: description: opsGenieApiKey defines the default OpsGenie API Key. properties: diff --git a/clusters/cl01tl/manifests/kube-prometheus-stack/CustomResourceDefinition-podmonitors.monitoring.coreos.com.yaml b/clusters/cl01tl/manifests/kube-prometheus-stack/CustomResourceDefinition-podmonitors.monitoring.coreos.com.yaml index ade19e4e3..6c174f82a 100644 --- a/clusters/cl01tl/manifests/kube-prometheus-stack/CustomResourceDefinition-podmonitors.monitoring.coreos.com.yaml +++ b/clusters/cl01tl/manifests/kube-prometheus-stack/CustomResourceDefinition-podmonitors.monitoring.coreos.com.yaml @@ -2,8 +2,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 - operator.prometheus.io/version: 0.90.1 + controller-gen.kubebuilder.io/version: v0.20.1 + operator.prometheus.io/version: 0.91.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com diff --git a/clusters/cl01tl/manifests/kube-prometheus-stack/CustomResourceDefinition-probes.monitoring.coreos.com.yaml b/clusters/cl01tl/manifests/kube-prometheus-stack/CustomResourceDefinition-probes.monitoring.coreos.com.yaml index ab0c6d104..15116478a 100644 --- a/clusters/cl01tl/manifests/kube-prometheus-stack/CustomResourceDefinition-probes.monitoring.coreos.com.yaml +++ b/clusters/cl01tl/manifests/kube-prometheus-stack/CustomResourceDefinition-probes.monitoring.coreos.com.yaml @@ -2,8 +2,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 - operator.prometheus.io/version: 0.90.1 + controller-gen.kubebuilder.io/version: v0.20.1 + operator.prometheus.io/version: 0.91.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com diff --git a/clusters/cl01tl/manifests/kube-prometheus-stack/CustomResourceDefinition-prometheusagents.monitoring.coreos.com.yaml b/clusters/cl01tl/manifests/kube-prometheus-stack/CustomResourceDefinition-prometheusagents.monitoring.coreos.com.yaml index 848dcde57..796dadba1 100644 --- a/clusters/cl01tl/manifests/kube-prometheus-stack/CustomResourceDefinition-prometheusagents.monitoring.coreos.com.yaml +++ b/clusters/cl01tl/manifests/kube-prometheus-stack/CustomResourceDefinition-prometheusagents.monitoring.coreos.com.yaml @@ -2,8 +2,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 - operator.prometheus.io/version: 0.90.1 + controller-gen.kubebuilder.io/version: v0.20.1 + operator.prometheus.io/version: 0.91.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -5982,6 +5982,12 @@ spec: - key type: object x-kubernetes-map-type: atomic + externalId: + description: |- + externalId defines the external ID used when assuming an AWS role. Can only be used with roleArn. + It requires Prometheus >= v3.11.0 or Alertmanager >= v0.33.0. Currently not supported by Thanos. + minLength: 1 + type: string profile: description: profile defines the named AWS profile used to authenticate. type: string @@ -6021,6 +6027,9 @@ spec: It requires Prometheus >= v2.54.0. type: boolean type: object + x-kubernetes-validations: + - message: externalId can only be used when roleArn is specified + rule: '!has(self.externalId) || has(self.roleArn)' tlsConfig: description: tlsConfig to use for the URL. properties: @@ -6856,7 +6865,8 @@ spec: matches all namespaces. A null label selector matches the current namespace only. - Note that the ScrapeConfig custom resource definition is currently at Alpha level. + Note that the ScrapeConfig custom resource definition is currently at Alpha level + and will be graduated to Beta in a future release. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -6913,7 +6923,8 @@ spec: of the custom resource definition. It is recommended to use `spec.additionalScrapeConfigs` instead. - Note that the ScrapeConfig custom resource definition is currently at Alpha level. + Note that the ScrapeConfig custom resource definition is currently at Alpha level + and will be graduated to Beta in a future release. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -7382,6 +7393,54 @@ spec: See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. minLength: 1 type: string + shardingStrategy: + description: |- + shardingStrategy defines the sharding strategy for distributing scraped targets across Prometheus shards. + + When not defined, the operator defaults to the 'Address' mode which distributes + targets based on a hash of the target address. + properties: + mode: + description: |- + mode defines the sharding mode. Can be 'Address' or 'Topology'. + + 'Address' is the default mode and distributes targets across shards + based on a hash of the target address. + + 'Topology' enables zone-aware sharding where each shard is assigned to a + specific topology zone and only scrapes targets in that zone. + (Alpha) Using the 'Topology' mode requires the `PrometheusTopologySharding` + feature gate to be enabled. + enum: + - Address + - Topology + type: string + topology: + description: |- + topology defines the configuration for topology-aware sharding. + This field is only valid when mode is set to 'Topology'. + properties: + externalLabelName: + description: |- + externalLabelName defines the name of the Prometheus external label used + to communicate the topology zone assigned to the Prometheus instance. + If not defined, it defaults to "zone". + If set to the empty string, no external label is added to the Prometheus configuration. + type: string + values: + description: |- + values defines the list of topology values (e.g. zone names) to be used + for sharding. The configured number of shards must be greater than or + equal to the number of values. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + type: object + x-kubernetes-validations: + - message: topology can only be defined when mode is set to 'Topology' + rule: '!has(self.topology) || (has(self.mode) && self.mode == ''Topology'')' shards: description: |- shards defines the number of shards to distribute the scraped targets onto. @@ -10729,6 +10788,10 @@ spec: rule: '!(has(self.mode) && self.mode == ''DaemonSet'' && has(self.serviceMonitorNamespaceSelector))' - message: additionalScrapeConfigs cannot be set when mode is DaemonSet rule: '!(has(self.mode) && self.mode == ''DaemonSet'' && has(self.additionalScrapeConfigs))' + - message: shardingStrategy cannot be set when mode is DaemonSet + rule: '!(has(self.mode) && self.mode == ''DaemonSet'' && has(self.shardingStrategy))' + - message: shards must be greater than or equal to the number of topology values when sharding strategy mode is Topology + rule: '!has(self.shardingStrategy) || !has(self.shardingStrategy.mode) || self.shardingStrategy.mode != ''Topology'' || !has(self.shardingStrategy.topology) || !has(self.shardingStrategy.topology.values) || self.shardingStrategy.topology.values.size() == 0 || (has(self.shards) ? self.shards : 1) >= self.shardingStrategy.topology.values.size()' status: description: |- status defines the most recent observed status of the Prometheus cluster. Read-only. diff --git a/clusters/cl01tl/manifests/kube-prometheus-stack/CustomResourceDefinition-prometheuses.monitoring.coreos.com.yaml b/clusters/cl01tl/manifests/kube-prometheus-stack/CustomResourceDefinition-prometheuses.monitoring.coreos.com.yaml index f84217b9c..73f6172e3 100644 --- a/clusters/cl01tl/manifests/kube-prometheus-stack/CustomResourceDefinition-prometheuses.monitoring.coreos.com.yaml +++ b/clusters/cl01tl/manifests/kube-prometheus-stack/CustomResourceDefinition-prometheuses.monitoring.coreos.com.yaml @@ -2,8 +2,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 - operator.prometheus.io/version: 0.90.1 + controller-gen.kubebuilder.io/version: v0.20.1 + operator.prometheus.io/version: 0.91.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -1491,6 +1491,12 @@ spec: - key type: object x-kubernetes-map-type: atomic + externalId: + description: |- + externalId defines the external ID used when assuming an AWS role. Can only be used with roleArn. + It requires Prometheus >= v3.11.0 or Alertmanager >= v0.33.0. Currently not supported by Thanos. + minLength: 1 + type: string profile: description: profile defines the named AWS profile used to authenticate. type: string @@ -1530,6 +1536,9 @@ spec: It requires Prometheus >= v2.54.0. type: boolean type: object + x-kubernetes-validations: + - message: externalId can only be used when roleArn is specified + rule: '!has(self.externalId) || has(self.roleArn)' timeout: description: timeout defines a per-target Alertmanager timeout when pushing alerts. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ @@ -7460,6 +7469,12 @@ spec: - key type: object x-kubernetes-map-type: atomic + externalId: + description: |- + externalId defines the external ID used when assuming an AWS role. Can only be used with roleArn. + It requires Prometheus >= v3.11.0 or Alertmanager >= v0.33.0. Currently not supported by Thanos. + minLength: 1 + type: string profile: description: profile defines the named AWS profile used to authenticate. type: string @@ -7499,6 +7514,9 @@ spec: It requires Prometheus >= v2.54.0. type: boolean type: object + x-kubernetes-validations: + - message: externalId can only be used when roleArn is specified + rule: '!has(self.externalId) || has(self.roleArn)' tlsConfig: description: tlsConfig to use for the URL. properties: @@ -8473,7 +8491,8 @@ spec: matches all namespaces. A null label selector matches the current namespace only. - Note that the ScrapeConfig custom resource definition is currently at Alpha level. + Note that the ScrapeConfig custom resource definition is currently at Alpha level + and will be graduated to Beta in a future release. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -8530,7 +8549,8 @@ spec: of the custom resource definition. It is recommended to use `spec.additionalScrapeConfigs` instead. - Note that the ScrapeConfig custom resource definition is currently at Alpha level. + Note that the ScrapeConfig custom resource definition is currently at Alpha level + and will be graduated to Beta in a future release. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -9013,11 +9033,17 @@ spec: properties: retain: description: |- - retain defines the config for retention when the retention policy is set to `Retain`. - This field is ineffective as of now. + retain defines the config for retention when the retention policy is set + to `Retain`. + + If not defined, the operator will use the retention duration configured + for the Prometheus data. If the resource uses size-based retention, the + shard(s) are kept forever (unless manually deleted). properties: retentionPeriod: - description: retentionPeriod defines the retentionPeriod for shard retention policy. + description: |- + retentionPeriod defines how long the scaled-down shard(s) need to be + kept before being deleted. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string required: @@ -9035,6 +9061,54 @@ spec: - Delete type: string type: object + shardingStrategy: + description: |- + shardingStrategy defines the sharding strategy for distributing scraped targets across Prometheus shards. + + When not defined, the operator defaults to the 'Address' mode which distributes + targets based on a hash of the target address. + properties: + mode: + description: |- + mode defines the sharding mode. Can be 'Address' or 'Topology'. + + 'Address' is the default mode and distributes targets across shards + based on a hash of the target address. + + 'Topology' enables zone-aware sharding where each shard is assigned to a + specific topology zone and only scrapes targets in that zone. + (Alpha) Using the 'Topology' mode requires the `PrometheusTopologySharding` + feature gate to be enabled. + enum: + - Address + - Topology + type: string + topology: + description: |- + topology defines the configuration for topology-aware sharding. + This field is only valid when mode is set to 'Topology'. + properties: + externalLabelName: + description: |- + externalLabelName defines the name of the Prometheus external label used + to communicate the topology zone assigned to the Prometheus instance. + If not defined, it defaults to "zone". + If set to the empty string, no external label is added to the Prometheus configuration. + type: string + values: + description: |- + values defines the list of topology values (e.g. zone names) to be used + for sharding. The configured number of shards must be greater than or + equal to the number of values. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + type: object + x-kubernetes-validations: + - message: topology can only be defined when mode is set to 'Topology' + rule: '!has(self.topology) || (has(self.mode) && self.mode == ''Topology'')' shards: description: |- shards defines the number of shards to distribute the scraped targets onto. @@ -9768,7 +9842,7 @@ spec: description: |- grpcServerTlsConfig defines the TLS parameters for the gRPC server providing the StoreAPI. - Note: Currently only the `minVersion`, `caFile`, `certFile`, and `keyFile` fields are supported. + Note: Currently only the `minVersion`, `caFile`, `certFile`, `keyFile`, `cipherSuites` and `curves` fields are supported. properties: ca: description: ca defines the Certificate authority used when verifying server certificates. @@ -9872,6 +9946,38 @@ spec: certFile: description: certFile defines the path to the client cert file in the Prometheus container for the targets. type: string + cipherSuites: + description: |- + cipherSuites defines the list of supported cipher suites for TLS + versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants + + It requires Thanos >= v0.42.0. Note that the operator doesn't verify if + the Thanos version supports the provided values. + items: + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + curves: + description: |- + curves defines the list of preferred elliptic curves for + TLS handshakes. + + If not defined, the Go default curves are used. + Available curves are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#CurveID + + It requires Thanos >= v0.42.0. Note that the operator doesn't verify if + the Thanos version supports the provided values. + items: + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set insecureSkipVerify: description: insecureSkipVerify defines how to disable target certificate validation. type: boolean @@ -12849,6 +12955,9 @@ spec: type: object type: object type: object + x-kubernetes-validations: + - message: shards must be greater than or equal to the number of topology values when sharding strategy mode is Topology + rule: '!has(self.shardingStrategy) || !has(self.shardingStrategy.mode) || self.shardingStrategy.mode != ''Topology'' || !has(self.shardingStrategy.topology) || !has(self.shardingStrategy.topology.values) || self.shardingStrategy.topology.values.size() == 0 || (has(self.shards) ? self.shards : 1) >= self.shardingStrategy.topology.values.size()' status: description: |- status defines the most recent observed status of the Prometheus cluster. Read-only. diff --git a/clusters/cl01tl/manifests/kube-prometheus-stack/CustomResourceDefinition-prometheusrules.monitoring.coreos.com.yaml b/clusters/cl01tl/manifests/kube-prometheus-stack/CustomResourceDefinition-prometheusrules.monitoring.coreos.com.yaml index ecc4ee395..83d8a3006 100644 --- a/clusters/cl01tl/manifests/kube-prometheus-stack/CustomResourceDefinition-prometheusrules.monitoring.coreos.com.yaml +++ b/clusters/cl01tl/manifests/kube-prometheus-stack/CustomResourceDefinition-prometheusrules.monitoring.coreos.com.yaml @@ -2,8 +2,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 - operator.prometheus.io/version: 0.90.1 + controller-gen.kubebuilder.io/version: v0.20.1 + operator.prometheus.io/version: 0.91.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com diff --git a/clusters/cl01tl/manifests/kube-prometheus-stack/CustomResourceDefinition-scrapeconfigs.monitoring.coreos.com.yaml b/clusters/cl01tl/manifests/kube-prometheus-stack/CustomResourceDefinition-scrapeconfigs.monitoring.coreos.com.yaml index 561242908..35a3a4133 100644 --- a/clusters/cl01tl/manifests/kube-prometheus-stack/CustomResourceDefinition-scrapeconfigs.monitoring.coreos.com.yaml +++ b/clusters/cl01tl/manifests/kube-prometheus-stack/CustomResourceDefinition-scrapeconfigs.monitoring.coreos.com.yaml @@ -2,8 +2,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 - operator.prometheus.io/version: 0.90.1 + controller-gen.kubebuilder.io/version: v0.20.1 + operator.prometheus.io/version: 0.91.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -96,6 +96,7 @@ spec: - OAuth - ManagedIdentity - SDK + - WorkloadIdentity type: string authorization: description: |- @@ -603,7 +604,7 @@ spec: minLength: 1 type: string tlsConfig: - description: tlsConfig defies the TLS configuration applying to the target HTTP endpoint. + description: tlsConfig defines the TLS configuration applying to the target HTTP endpoint. properties: ca: description: ca defines the Certificate authority used when verifying server certificates. @@ -930,13 +931,20 @@ spec: filter: description: |- filter defines the filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services + See https://developer.hashicorp.com/consul/api-docs/catalog#filtering It requires Prometheus >= 3.0.0. minLength: 1 type: string followRedirects: description: followRedirects defines whether HTTP requests follow HTTP 3xx redirects. type: boolean + healthFilter: + description: |- + healthFilter defines the filter expression used to filter the health results. + See https://developer.hashicorp.com/consul/api-docs/health#filtering + It requires Prometheus >= 3.11.2. + minLength: 1 + type: string namespace: description: |- namespace are only supported in Consul Enterprise. @@ -8203,6 +8211,7 @@ spec: type: string roleARN: description: roleARN defines the AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 type: string secretKey: description: secretKey defines the AWS API secret. @@ -9196,6 +9205,7 @@ spec: description: |- namespace defines the Nomad namespace to query for service discovery. When specified, only resources within this namespace will be discovered. + minLength: 1 type: string noProxy: description: |- @@ -9557,6 +9567,7 @@ spec: description: |- region defines the Nomad region to query for service discovery. When specified, only resources within this region will be discovered. + minLength: 1 type: string server: description: |- @@ -9568,6 +9579,7 @@ spec: description: |- tagSeparator defines the separator used to join multiple tags. This determines how Nomad service tags are concatenated into Prometheus labels. + minLength: 1 type: string tlsConfig: description: tlsConfig defines the TLS configuration to connect to the Nomad API. @@ -10037,6 +10049,7 @@ spec: type: boolean applicationCredentialId: description: applicationCredentialId defines the OpenStack applicationCredentialId. + minLength: 1 type: string applicationCredentialName: description: |- @@ -11203,6 +11216,9 @@ spec: description: |- ScalewaySDConfig configurations allow retrieving scrape targets from Scaleway instances and baremetal services. See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scaleway_sd_config + + Note: The `_file` variants of credential fields (e.g. `secret_key_file`) + from the Prometheus configuration are not supported. Use Kubernetes secrets via `secretKey` instead. properties: accessKey: description: accessKey defines the access key to use. https://console.scaleway.com/project/credentials @@ -11734,6 +11750,9 @@ spec: It requires Prometheus >= v2.48.0. type: boolean type: object + x-kubernetes-validations: + - message: at most one of basicAuth, authorization, or oauth2 can be configured + rule: '[has(self.basicAuth), has(self.authorization), has(self.oauth2)].filter(x, x).size() <= 1' status: description: |- status defines the status subresource. It is under active development and is updated only when the diff --git a/clusters/cl01tl/manifests/kube-prometheus-stack/CustomResourceDefinition-servicemonitors.monitoring.coreos.com.yaml b/clusters/cl01tl/manifests/kube-prometheus-stack/CustomResourceDefinition-servicemonitors.monitoring.coreos.com.yaml index 3a2d5cd7c..a4a3e8997 100644 --- a/clusters/cl01tl/manifests/kube-prometheus-stack/CustomResourceDefinition-servicemonitors.monitoring.coreos.com.yaml +++ b/clusters/cl01tl/manifests/kube-prometheus-stack/CustomResourceDefinition-servicemonitors.monitoring.coreos.com.yaml @@ -2,8 +2,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 - operator.prometheus.io/version: 0.90.1 + controller-gen.kubebuilder.io/version: v0.20.1 + operator.prometheus.io/version: 0.91.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com diff --git a/clusters/cl01tl/manifests/kube-prometheus-stack/CustomResourceDefinition-thanosrulers.monitoring.coreos.com.yaml b/clusters/cl01tl/manifests/kube-prometheus-stack/CustomResourceDefinition-thanosrulers.monitoring.coreos.com.yaml index 69a808c05..90c6858cf 100644 --- a/clusters/cl01tl/manifests/kube-prometheus-stack/CustomResourceDefinition-thanosrulers.monitoring.coreos.com.yaml +++ b/clusters/cl01tl/manifests/kube-prometheus-stack/CustomResourceDefinition-thanosrulers.monitoring.coreos.com.yaml @@ -2,8 +2,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 - operator.prometheus.io/version: 0.90.1 + controller-gen.kubebuilder.io/version: v0.20.1 + operator.prometheus.io/version: 0.91.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -2681,7 +2681,7 @@ spec: grpcServerTlsConfig defines the gRPC server from which Thanos Querier reads recorded rule data. - Note: Currently only the `minVersion`, `caFile`, `certFile`, and `keyFile` fields are supported. + Note: Currently only the `minVersion`, `caFile`, `certFile`, `keyFile`, `cipherSuites` and `curves` fields are supported. properties: ca: description: ca defines the Certificate authority used when verifying server certificates. @@ -2785,6 +2785,38 @@ spec: certFile: description: certFile defines the path to the client cert file in the Prometheus container for the targets. type: string + cipherSuites: + description: |- + cipherSuites defines the list of supported cipher suites for TLS + versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants + + It requires Thanos >= v0.42.0. Note that the operator doesn't verify if + the Thanos version supports the provided values. + items: + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + curves: + description: |- + curves defines the list of preferred elliptic curves for + TLS handshakes. + + If not defined, the Go default curves are used. + Available curves are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#CurveID + + It requires Thanos >= v0.42.0. Note that the operator doesn't verify if + the Thanos version supports the provided values. + items: + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set insecureSkipVerify: description: insecureSkipVerify defines how to disable target certificate validation. type: boolean @@ -5340,6 +5372,12 @@ spec: - key type: object x-kubernetes-map-type: atomic + externalId: + description: |- + externalId defines the external ID used when assuming an AWS role. Can only be used with roleArn. + It requires Prometheus >= v3.11.0 or Alertmanager >= v0.33.0. Currently not supported by Thanos. + minLength: 1 + type: string profile: description: profile defines the named AWS profile used to authenticate. type: string @@ -5379,6 +5417,9 @@ spec: It requires Prometheus >= v2.54.0. type: boolean type: object + x-kubernetes-validations: + - message: externalId can only be used when roleArn is specified + rule: '!has(self.externalId) || has(self.roleArn)' tlsConfig: description: tlsConfig to use for the URL. properties: -- 2.49.1