From f4fe02bd4e00c761b71c823cf3cae31fd78697c0 Mon Sep 17 00:00:00 2001 From: Zachariah Miller Date: Wed, 26 Jun 2024 16:51:27 -0400 Subject: [PATCH 01/19] partial changes to add pod monitor and scrapeClass --- packages/slim-dev/zarf.yaml | 6 + .../operator/controllers/monitoring/common.ts | 12 + .../controllers/monitoring/pod-monitor.ts | 98 ++ .../controllers/monitoring/service-monitor.ts | 48 +- .../crd/generated/exemption-v1alpha1.ts | 15 +- .../crd/generated/package-v1alpha1.ts | 46 +- .../crd/generated/prometheus/podmonitor-v1.ts | 950 ++++++++++++++++++ src/pepr/operator/crd/index.ts | 16 +- .../operator/crd/sources/package/v1alpha1.ts | 42 +- .../reconcilers/package-reconciler.ts | 13 +- src/pepr/prometheus/index.ts | 10 +- src/prometheus-stack/values/values.yaml | 10 + tasks.yaml | 7 + tasks/create.yaml | 2 +- 14 files changed, 1230 insertions(+), 45 deletions(-) create mode 100644 src/pepr/operator/controllers/monitoring/common.ts create mode 100644 src/pepr/operator/controllers/monitoring/pod-monitor.ts create mode 100644 src/pepr/operator/crd/generated/prometheus/podmonitor-v1.ts diff --git a/packages/slim-dev/zarf.yaml b/packages/slim-dev/zarf.yaml index a1044ef96..8f2b79586 100644 --- a/packages/slim-dev/zarf.yaml +++ b/packages/slim-dev/zarf.yaml @@ -47,3 +47,9 @@ components: required: true import: path: ../../src/keycloak + + # Prometheus temp for testing monitors TODO @zachariahmiller remove before merge + - name: kube-prometheus-stack + required: true + import: + path: ../../src/prometheus-stack \ No newline at end of file diff --git a/src/pepr/operator/controllers/monitoring/common.ts b/src/pepr/operator/controllers/monitoring/common.ts new file mode 100644 index 000000000..a8afa5d1f --- /dev/null +++ b/src/pepr/operator/controllers/monitoring/common.ts 
@@ -0,0 +1,12 @@
+import { Monitor } from "../../crd";
+import { sanitizeResourceName } from "../utils";
+
+export function generateMonitorName(pkgName: string, monitor: Monitor) {
+ const { selector, portName, description } = monitor;
+
+ // Ensure the resource name is valid
+ const nameSuffix = description || `${Object.values(selector)}-${portName}`;
+ const name = sanitizeResourceName(`${pkgName}-${nameSuffix}`);
+
+ return name;
+}
diff --git a/src/pepr/operator/controllers/monitoring/pod-monitor.ts b/src/pepr/operator/controllers/monitoring/pod-monitor.ts
new file mode 100644
index 000000000..2b7143d00
--- /dev/null
+++ b/src/pepr/operator/controllers/monitoring/pod-monitor.ts
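Review bot: `generateMonitorName` has no doc comment or explicit return type, and nothing records that the name is unique only per package, description, and selector values plus port. Two `monitor` entries of the same kind that share a `description` (or the same selector values and `portName`) resolve to the same name, and the callers in this patch apply with `{ force: true }`, so the later entry would replace the earlier one without any signal. `${Object.values(selector)}` also interpolates an array, so the commas it yields are left to `sanitizeResourceName`, whose behaviour is not visible in this hunk. I would add `/** Builds the monitor resource name from the package name and the entry's description, falling back to its selector values and port name; entries that share these collide. */` and declare the return type as `: string`.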
@@ -0,0 +1,98 @@
+import { V1OwnerReference } from "@kubernetes/client-node";
+import { K8s, Log } from "pepr";
+import { Monitor, PrometheusPodMonitor, UDSPackage } from "../../crd";
+import { getOwnerRef } from "../utils";
+import { generateMonitorName } from "./common";
+
+/**
+ * Generate a pod monitor for a pod
+ *
+ * @param pkg UDS Package
+ * @param namespace
+ */
+export async function podMonitor(pkg: UDSPackage, namespace: string) {
+ const pkgName = pkg.metadata!.name!;
+ const generation = (pkg.metadata?.generation ?? 0).toString();
+ const ownerRefs = getOwnerRef(pkg);
+
+ Log.debug(`Reconciling PodMonitors for ${pkgName}`);
+
+ // Get the list of monitored services
+ const monitorList = pkg.spec?.monitor ?? [];
+
+ // Create a list of generated PodMonitors
+ const payloads: PrometheusPodMonitor.PodMonitor[] = [];
+
+ try {
+ for (const monitor of monitorList) {
+ if (monitor.kind === "PodMonitor") {
+ const payload = generatePodMonitor(monitor, namespace, pkgName, generation, ownerRefs);
+
+ Log.debug(payload, `Applying PodMonitor ${payload.metadata?.name}`);
+
+ // Apply the PodMonitor and force overwrite any existing policy
+ await K8s(PrometheusPodMonitor.PodMonitor).Apply(payload, { force: true });
+
+ payloads.push(payload);
+ }
+ }
+
+ // Get all related PodMonitors in the namespace
+ const podMonitors = await K8s(PrometheusPodMonitor.PodMonitor)
+ .InNamespace(namespace)
+ .WithLabel("uds/package", pkgName)
+ .Get();
+
+ // Find any orphaned PodMonitors (not matching the current generation)
+ const orphanedMonitor = podMonitors.items.filter(
+ m => m.metadata?.labels?.["uds/generation"] !== generation,
+ );
+
+ // Delete any orphaned PodMonitors
+ for (const m of orphanedMonitor) {
+ Log.debug(m, `Deleting orphaned PodMonitor ${m.metadata!.name}`);
+ await K8s(PrometheusPodMonitor.PodMonitor).Delete(m);
+ }
+ } catch (err) {
+ throw new Error(`Failed to process PodMonitors for ${pkgName}, cause: ${JSON.stringify(err)}`);
+ }
+
+ // Return the 
list of monitor names + return [...payloads.map(m => m.metadata!.name!)]; +} + +export function generatePodMonitor( + monitor: Monitor, + namespace: string, + pkgName: string, + generation: string, + ownerRefs: V1OwnerReference[], +) { + const { selector, portName } = monitor; + const name = generateMonitorName(pkgName, monitor); + const payload: PrometheusPodMonitor.PodMonitor = { + metadata: { + name, + namespace, + labels: { + "uds/package": pkgName, + "uds/generation": generation, + }, + ownerReferences: ownerRefs, + }, + spec: { + podMetricsEndpoints: [ + { + port: portName, + path: monitor.path || "/metrics", + authorization: monitor.authorization, + }, + ], + selector: { + matchLabels: selector, + }, + }, + }; + + return payload; +} diff --git a/src/pepr/operator/controllers/monitoring/service-monitor.ts b/src/pepr/operator/controllers/monitoring/service-monitor.ts index ff2ba0713..36e273d1c 100644 --- a/src/pepr/operator/controllers/monitoring/service-monitor.ts +++ b/src/pepr/operator/controllers/monitoring/service-monitor.ts @@ -1,8 +1,9 @@ import { K8s, Log } from "pepr"; import { V1OwnerReference } from "@kubernetes/client-node"; -import { Prometheus, UDSPackage, Monitor } from "../../crd"; -import { getOwnerRef, sanitizeResourceName } from "../utils"; +import { Monitor, PrometheusServiceMonitor, UDSPackage } from "../../crd"; +import { getOwnerRef } from "../utils"; +import { generateMonitorName } from "./common"; /** * Generate a service monitor for a service 
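Review bot: `generatePodMonitor` passes `monitor.authorization` into the endpoint without setting `scheme` or `tlsConfig`, and the generated `PodMetricsEndpoint` docs added in this same patch state that an empty scheme defaults to `http`, so the credential read from the referenced Secret would travel in a cleartext Authorization header unless something outside this hunk (a service mesh or a later mutation of the monitor) secures the scrape. A comment above `podMetricsEndpoints` such as `// authorization is sent as-is; transport security relies on <component> — confirm` would record that dependency, and the `authorization: monitor.authorization` line added to `generateServiceMonitor` in service-monitor.ts has the same gap. Also in `podMonitor`, the catch block formats the failure with `JSON.stringify(err)`, which produces `{}` for a standard `Error`; `err instanceof Error ? err.message : JSON.stringify(err)` would keep the cause in the thrown message.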
@@ -21,35 +22,37 @@ export async function serviceMonitor(pkg: UDSPackage, namespace: string) { const monitorList = pkg.spec?.monitor ?? []; // Create a list of generated ServiceMonitors - const payloads: Prometheus.ServiceMonitor[] = []; + const payloads: PrometheusServiceMonitor.ServiceMonitor[] = []; try { for (const monitor of monitorList) { - const payload = generateServiceMonitor(monitor, namespace, pkgName, generation, ownerRefs); + if (monitor.kind !== "PodMonitor") { + const payload = generateServiceMonitor(monitor, namespace, pkgName, generation, ownerRefs); - Log.debug(payload, `Applying ServiceMonitor ${payload.metadata?.name}`); + Log.debug(payload, `Applying ServiceMonitor ${payload.metadata?.name}`); - // Apply the ServiceMonitor and force overwrite any existing policy - await K8s(Prometheus.ServiceMonitor).Apply(payload, { force: true }); + // Apply the ServiceMonitor and force overwrite any existing policy + await K8s(PrometheusServiceMonitor.ServiceMonitor).Apply(payload, { force: true }); - payloads.push(payload); + payloads.push(payload); + } } // Get all related ServiceMonitors in the namespace - const serviceMonitors = await K8s(Prometheus.ServiceMonitor) + const serviceMonitors = await K8s(PrometheusServiceMonitor.ServiceMonitor) .InNamespace(namespace) .WithLabel("uds/package", pkgName) .Get(); // Find any orphaned ServiceMonitors (not matching the current generation) - const orphanedSM = serviceMonitors.items.filter( - sm => sm.metadata?.labels?.["uds/generation"] !== generation, + const orphanedMonitor = serviceMonitors.items.filter( + m => m.metadata?.labels?.["uds/generation"] !== generation, ); // Delete any orphaned ServiceMonitors - for (const sm of orphanedSM) { - Log.debug(sm, `Deleting orphaned ServiceMonitor ${sm.metadata!.name}`); - await K8s(Prometheus.ServiceMonitor).Delete(sm); + for (const m of orphanedMonitor) { + Log.debug(m, `Deleting orphaned ServiceMonitor ${m.metadata!.name}`); + await 
K8s(PrometheusServiceMonitor.ServiceMonitor).Delete(m); } } catch (err) { throw new Error( @@ -58,17 +61,7 @@ export async function serviceMonitor(pkg: UDSPackage, namespace: string) { } // Return the list of monitor names - return [...payloads.map(sm => sm.metadata!.name!)]; -} - -export function generateSMName(pkgName: string, monitor: Monitor) { - const { selector, portName, description } = monitor; - - // Ensure the resource name is valid - const nameSuffix = description || `${Object.values(selector)}-${portName}`; - const name = sanitizeResourceName(`${pkgName}-${nameSuffix}`); - - return name; + return [...payloads.map(m => m.metadata!.name!)]; } export function generateServiceMonitor( @@ -79,8 +72,8 @@ export function generateServiceMonitor( ownerRefs: V1OwnerReference[], ) { const { selector, portName } = monitor; - const name = generateSMName(pkgName, monitor); - const payload: Prometheus.ServiceMonitor = { + const name = generateMonitorName(pkgName, monitor); + const payload: PrometheusServiceMonitor.ServiceMonitor = { metadata: { name, namespace, @@ -95,6 +88,7 @@ export function generateServiceMonitor( { port: portName, path: monitor.path || "/metrics", + authorization: monitor.authorization, }, ], selector: { diff --git a/src/pepr/operator/crd/generated/exemption-v1alpha1.ts b/src/pepr/operator/crd/generated/exemption-v1alpha1.ts index 487c4961f..32ba6c954 100644 --- a/src/pepr/operator/crd/generated/exemption-v1alpha1.ts +++ b/src/pepr/operator/crd/generated/exemption-v1alpha1.ts @@ -4,13 +4,14 @@ import { GenericKind, RegisterKind } from "kubernetes-fluent-client"; export class Exemption extends GenericKind { spec?: Spec; + status?: Status; } export interface Spec { /** * Policy exemptions */ - exemptions: ExemptionElement[]; + exemptions?: ExemptionElement[]; } export interface ExemptionElement { 
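Review bot: The new `if (monitor.kind !== "PodMonitor")` guard in the `serviceMonitor` loop treats every value other than the exact string `PodMonitor` as a ServiceMonitor, and the generated `Monitor.kind` in this patch is a plain `string`. If the CRD schema (not visible here) does not restrict the field to an enum, a misspelt or differently-cased kind would quietly create a ServiceMonitor instead of being reported. Matching the allowed values explicitly, `if (monitor.kind === undefined || monitor.kind === "ServiceMonitor")`, and logging or rejecting anything else would make a bad value visible. The enclosing function starts before this hunk and its `catch` block continues past it.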
@@ -63,6 +64,18 @@ export enum Policy { RestrictVolumeTypes = "RestrictVolumeTypes", } +export interface Status { + observedGeneration?: number; + phase?: Phase; + titles?: string[]; +} + +export enum Phase { + Failed = "Failed", + Pending = "Pending", + Ready = "Ready", +} + RegisterKind(Exemption, { group: "uds.dev", version: "v1alpha1", diff --git a/src/pepr/operator/crd/generated/package-v1alpha1.ts b/src/pepr/operator/crd/generated/package-v1alpha1.ts index 6c00da529..3d14e1748 100644 --- a/src/pepr/operator/crd/generated/package-v1alpha1.ts +++ b/src/pepr/operator/crd/generated/package-v1alpha1.ts @@ -23,10 +23,19 @@ export interface Spec { } export interface Monitor { + /** + * Authorization settings. + */ + authorization?: Authorization; /** * A description of this monitor entry, this will become part of the ServiceMonitor name */ description?: string; + /** + * The type of monitor to create; PodMonitor or ServiceMonitor. ServiceMonitor is the + * default. + */ + kind?: string; /** * HTTP path from which to scrape for metrics, defaults to `/metrics` */ 
@@ -51,6 +60,42 @@ export interface Monitor { targetPort: number; } +/** + * Authorization settings. + */ +export interface Authorization { + /** + * Selects a key of a Secret in the namespace that contains the credentials for + * authentication. + */ + credentials: Credentials; + /** + * Defines the authentication type. The value is case-insensitive. "Basic" is not a + * supported value. Default: "Bearer" + */ + type?: string; +} + +/** + * Selects a key of a Secret in the namespace that contains the credentials for + * authentication. + */ +export interface Credentials { + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. More info: + * https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; +} + /** * Network configuration for the package */ @@ -540,7 +585,6 @@ export interface Status { networkPolicyCount?: number; observedGeneration?: number; phase?: Phase; - retryAttempt?: number; ssoClients?: string[]; } diff --git a/src/pepr/operator/crd/generated/prometheus/podmonitor-v1.ts b/src/pepr/operator/crd/generated/prometheus/podmonitor-v1.ts new file mode 100644 index 000000000..3ce5614f9 --- /dev/null +++ b/src/pepr/operator/crd/generated/prometheus/podmonitor-v1.ts 
@@ -0,0 +1,950 @@ +// This file is auto-generated by kubernetes-fluent-client, do not edit manually + +import { GenericKind, RegisterKind } from "kubernetes-fluent-client"; + +/** + * PodMonitor defines monitoring for a set of pods. + */ +export class PodMonitor extends GenericKind { + /** + * Specification of desired Pod selection for target discovery by Prometheus. + */ + spec?: Spec; +} + +/** + * Specification of desired Pod selection for target discovery by Prometheus. + */ +export interface Spec { + /** + * `attachMetadata` defines additional metadata which is added to the + * discovered targets. + * + * + * It requires Prometheus >= v2.37.0. + */ + attachMetadata?: AttachMetadata; + /** + * When defined, bodySizeLimit specifies a job level limit on the size + * of uncompressed response body that will be accepted by Prometheus. + * + * + * It requires Prometheus >= v2.28.0. + */ + bodySizeLimit?: string; + /** + * The label to use to retrieve the job name from. + * `jobLabel` selects the label from the associated Kubernetes `Pod` + * object which will be used as the `job` label for all metrics. + * + * + * For example if `jobLabel` is set to `foo` and the Kubernetes `Pod` + * object is labeled with `foo: bar`, then Prometheus adds the `job="bar"` + * label to all ingested metrics. + * + * + * If the value of this field is empty, the `job` label of the metrics + * defaults to the namespace and name of the PodMonitor object (e.g. `/`). + */ + jobLabel?: string; + /** + * Per-scrape limit on the number of targets dropped by relabeling + * that will be kept in memory. 0 means no limit. + * + * + * It requires Prometheus >= v2.47.0. + */ + keepDroppedTargets?: number; + /** + * Per-scrape limit on number of labels that will be accepted for a sample. + * + * + * It requires Prometheus >= v2.27.0. + */ + labelLimit?: number; + /** + * Per-scrape limit on length of labels name that will be accepted for a sample. + * + * + * It requires Prometheus >= v2.27.0. 
+ */ + labelNameLengthLimit?: number; + /** + * Per-scrape limit on length of labels value that will be accepted for a sample. + * + * + * It requires Prometheus >= v2.27.0. + */ + labelValueLengthLimit?: number; + /** + * Selector to select which namespaces the Kubernetes `Pods` objects + * are discovered from. + */ + namespaceSelector?: NamespaceSelector; + /** + * List of endpoints part of this PodMonitor. + */ + podMetricsEndpoints?: PodMetricsEndpoint[]; + /** + * `podTargetLabels` defines the labels which are transferred from the + * associated Kubernetes `Pod` object onto the ingested metrics. + */ + podTargetLabels?: string[]; + /** + * `sampleLimit` defines a per-scrape limit on the number of scraped samples + * that will be accepted. + */ + sampleLimit?: number; + /** + * The scrape class to apply. + */ + scrapeClass?: string; + /** + * `scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients + * the + * protocols supported by Prometheus in order of preference (from most to least + * preferred). + * + * + * If unset, Prometheus uses its default value. + * + * + * It requires Prometheus >= v2.49.0. + */ + scrapeProtocols?: ScrapeProtocol[]; + /** + * Label selector to select the Kubernetes `Pod` objects. + */ + selector: Selector; + /** + * `targetLimit` defines a limit on the number of scraped targets that will + * be accepted. + */ + targetLimit?: number; +} + +/** + * `attachMetadata` defines additional metadata which is added to the + * discovered targets. + * + * + * It requires Prometheus >= v2.37.0. + */ +export interface AttachMetadata { + /** + * When set to true, Prometheus must have the `get` permission on the + * `Nodes` objects. + */ + node?: boolean; +} + +/** + * Selector to select which namespaces the Kubernetes `Pods` objects + * are discovered from. + */ +export interface NamespaceSelector { + /** + * Boolean describing whether all namespaces are selected in contrast to a + * list restricting them. 
+ */ + any?: boolean; + /** + * List of namespace names to select from. + */ + matchNames?: string[]; +} + +/** + * PodMetricsEndpoint defines an endpoint serving Prometheus metrics to be scraped by + * Prometheus. + */ +export interface PodMetricsEndpoint { + /** + * `authorization` configures the Authorization header credentials to use when + * scraping the target. + * + * + * Cannot be set at the same time as `basicAuth`, or `oauth2`. + */ + authorization?: Authorization; + /** + * `basicAuth` configures the Basic Authentication credentials to use when + * scraping the target. + * + * + * Cannot be set at the same time as `authorization`, or `oauth2`. + */ + basicAuth?: BasicAuth; + /** + * `bearerTokenSecret` specifies a key of a Secret containing the bearer + * token for scraping targets. The secret needs to be in the same namespace + * as the PodMonitor object and readable by the Prometheus Operator. + * + * + * Deprecated: use `authorization` instead. + */ + bearerTokenSecret?: BearerTokenSecret; + /** + * `enableHttp2` can be used to disable HTTP2 when scraping the target. + */ + enableHttp2?: boolean; + /** + * When true, the pods which are not running (e.g. either in Failed or + * Succeeded state) are dropped during the target discovery. + * + * + * If unset, the filtering is enabled. + * + * + * More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase + */ + filterRunning?: boolean; + /** + * `followRedirects` defines whether the scrape requests should follow HTTP + * 3xx redirects. + */ + followRedirects?: boolean; + /** + * When true, `honorLabels` preserves the metric's labels when they collide + * with the target's labels. + */ + honorLabels?: boolean; + /** + * `honorTimestamps` controls whether Prometheus preserves the timestamps + * when exposed by the target. + */ + honorTimestamps?: boolean; + /** + * Interval at which Prometheus scrapes the metrics from the target. 
+ * + * + * If empty, Prometheus uses the global scrape interval. + */ + interval?: string; + /** + * `metricRelabelings` configures the relabeling rules to apply to the + * samples before ingestion. + */ + metricRelabelings?: MetricRelabeling[]; + /** + * `oauth2` configures the OAuth2 settings to use when scraping the target. + * + * + * It requires Prometheus >= 2.27.0. + * + * + * Cannot be set at the same time as `authorization`, or `basicAuth`. + */ + oauth2?: Oauth2; + /** + * `params` define optional HTTP URL parameters. + */ + params?: { [key: string]: string[] }; + /** + * HTTP path from which to scrape for metrics. + * + * + * If empty, Prometheus uses the default value (e.g. `/metrics`). + */ + path?: string; + /** + * Name of the Pod port which this endpoint refers to. + * + * + * It takes precedence over `targetPort`. + */ + port?: string; + /** + * `proxyURL` configures the HTTP Proxy URL (e.g. + * "http://proxyserver:2195") to go through when scraping the target. + */ + proxyUrl?: string; + /** + * `relabelings` configures the relabeling rules to apply the target's + * metadata labels. + * + * + * The Operator automatically adds relabelings for a few standard Kubernetes fields. + * + * + * The original scrape job's name is available via the `__tmp_prometheus_job_name` label. + * + * + * More info: + * https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + */ + relabelings?: Relabeling[]; + /** + * HTTP scheme to use for scraping. + * + * + * `http` and `https` are the expected values unless you rewrite the + * `__scheme__` label via relabeling. + * + * + * If empty, Prometheus uses the default value `http`. + */ + scheme?: Scheme; + /** + * Timeout after which Prometheus considers the scrape to be failed. + * + * + * If empty, Prometheus uses the global scrape timeout unless it is less + * than the target's scrape interval value in which the latter is used. 
+ */ + scrapeTimeout?: string; + /** + * Name or number of the target port of the `Pod` object behind the Service, the + * port must be specified with container port property. + * + * + * Deprecated: use 'port' instead. + */ + targetPort?: number | string; + /** + * TLS configuration to use when scraping the target. + */ + tlsConfig?: TLSConfig; + /** + * `trackTimestampsStaleness` defines whether Prometheus tracks staleness of + * the metrics that have an explicit timestamp present in scraped data. + * Has no effect if `honorTimestamps` is false. + * + * + * It requires Prometheus >= v2.48.0. + */ + trackTimestampsStaleness?: boolean; +} + +/** + * `authorization` configures the Authorization header credentials to use when + * scraping the target. + * + * + * Cannot be set at the same time as `basicAuth`, or `oauth2`. + */ +export interface Authorization { + /** + * Selects a key of a Secret in the namespace that contains the credentials for + * authentication. + */ + credentials?: Credentials; + /** + * Defines the authentication type. The value is case-insensitive. + * + * + * "Basic" is not a supported value. + * + * + * Default: "Bearer" + */ + type?: string; +} + +/** + * Selects a key of a Secret in the namespace that contains the credentials for + * authentication. + */ +export interface Credentials { + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Add other useful fields. apiVersion, kind, uid? + */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; +} + +/** + * `basicAuth` configures the Basic Authentication credentials to use when + * scraping the target. + * + * + * Cannot be set at the same time as `authorization`, or `oauth2`. 
+ */ +export interface BasicAuth { + /** + * `password` specifies a key of a Secret containing the password for + * authentication. + */ + password?: Password; + /** + * `username` specifies a key of a Secret containing the username for + * authentication. + */ + username?: Username; +} + +/** + * `password` specifies a key of a Secret containing the password for + * authentication. + */ +export interface Password { + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Add other useful fields. apiVersion, kind, uid? + */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; +} + +/** + * `username` specifies a key of a Secret containing the username for + * authentication. + */ +export interface Username { + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Add other useful fields. apiVersion, kind, uid? + */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; +} + +/** + * `bearerTokenSecret` specifies a key of a Secret containing the bearer + * token for scraping targets. The secret needs to be in the same namespace + * as the PodMonitor object and readable by the Prometheus Operator. + * + * + * Deprecated: use `authorization` instead. + */ +export interface BearerTokenSecret { + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Add other useful fields. apiVersion, kind, uid? 
+ */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; +} + +/** + * RelabelConfig allows dynamic rewriting of the label set for targets, alerts, + * scraped samples and remote write samples. + * + * + * More info: + * https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + */ +export interface MetricRelabeling { + /** + * Action to perform based on the regex matching. + * + * + * `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. + * `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. + * + * + * Default: "Replace" + */ + action?: Action; + /** + * Modulus to take of the hash of the source label values. + * + * + * Only applicable when the action is `HashMod`. + */ + modulus?: number; + /** + * Regular expression against which the extracted value is matched. + */ + regex?: string; + /** + * Replacement value against which a Replace action is performed if the + * regular expression matches. + * + * + * Regex capture groups are available. + */ + replacement?: string; + /** + * Separator is the string between concatenated SourceLabels. + */ + separator?: string; + /** + * The source labels select values from existing labels. Their content is + * concatenated using the configured Separator and matched against the + * configured regular expression. + */ + sourceLabels?: string[]; + /** + * Label to which the resulting string is written in a replacement. + * + * + * It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, + * `KeepEqual` and `DropEqual` actions. + * + * + * Regex capture groups are available. + */ + targetLabel?: string; +} + +/** + * Action to perform based on the regex matching. + * + * + * `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. + * `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. 
+ * + * + * Default: "Replace" + */ +export enum Action { + ActionDrop = "Drop", + ActionKeep = "Keep", + ActionLowercase = "Lowercase", + ActionReplace = "Replace", + ActionUppercase = "Uppercase", + Drop = "drop", + DropEqual = "DropEqual", + Dropequal = "dropequal", + HashMod = "HashMod", + Hashmod = "hashmod", + Keep = "keep", + KeepEqual = "KeepEqual", + Keepequal = "keepequal", + LabelDrop = "LabelDrop", + LabelKeep = "LabelKeep", + LabelMap = "LabelMap", + Labeldrop = "labeldrop", + Labelkeep = "labelkeep", + Labelmap = "labelmap", + Lowercase = "lowercase", + Replace = "replace", + Uppercase = "uppercase", +} + +/** + * `oauth2` configures the OAuth2 settings to use when scraping the target. + * + * + * It requires Prometheus >= 2.27.0. + * + * + * Cannot be set at the same time as `authorization`, or `basicAuth`. + */ +export interface Oauth2 { + /** + * `clientId` specifies a key of a Secret or ConfigMap containing the + * OAuth2 client's ID. + */ + clientId: ClientID; + /** + * `clientSecret` specifies a key of a Secret containing the OAuth2 + * client's secret. + */ + clientSecret: ClientSecret; + /** + * `endpointParams` configures the HTTP parameters to append to the token + * URL. + */ + endpointParams?: { [key: string]: string }; + /** + * `scopes` defines the OAuth2 scopes used for the token request. + */ + scopes?: string[]; + /** + * `tokenURL` configures the URL to fetch the token from. + */ + tokenUrl: string; +} + +/** + * `clientId` specifies a key of a Secret or ConfigMap containing the + * OAuth2 client's ID. + */ +export interface ClientID { + /** + * ConfigMap containing data to use for the targets. + */ + configMap?: ClientIDConfigMap; + /** + * Secret containing data to use for the targets. + */ + secret?: ClientIDSecret; +} + +/** + * ConfigMap containing data to use for the targets. + */ +export interface ClientIDConfigMap { + /** + * The key to select. + */ + key: string; + /** + * Name of the referent. 
+ * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Add other useful fields. apiVersion, kind, uid? + */ + name?: string; + /** + * Specify whether the ConfigMap or its key must be defined + */ + optional?: boolean; +} + +/** + * Secret containing data to use for the targets. + */ +export interface ClientIDSecret { + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Add other useful fields. apiVersion, kind, uid? + */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; +} + +/** + * `clientSecret` specifies a key of a Secret containing the OAuth2 + * client's secret. + */ +export interface ClientSecret { + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Add other useful fields. apiVersion, kind, uid? + */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; +} + +/** + * RelabelConfig allows dynamic rewriting of the label set for targets, alerts, + * scraped samples and remote write samples. + * + * + * More info: + * https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + */ +export interface Relabeling { + /** + * Action to perform based on the regex matching. + * + * + * `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. + * `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. + * + * + * Default: "Replace" + */ + action?: Action; + /** + * Modulus to take of the hash of the source label values. + * + * + * Only applicable when the action is `HashMod`. 
+ */ + modulus?: number; + /** + * Regular expression against which the extracted value is matched. + */ + regex?: string; + /** + * Replacement value against which a Replace action is performed if the + * regular expression matches. + * + * + * Regex capture groups are available. + */ + replacement?: string; + /** + * Separator is the string between concatenated SourceLabels. + */ + separator?: string; + /** + * The source labels select values from existing labels. Their content is + * concatenated using the configured Separator and matched against the + * configured regular expression. + */ + sourceLabels?: string[]; + /** + * Label to which the resulting string is written in a replacement. + * + * + * It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, + * `KeepEqual` and `DropEqual` actions. + * + * + * Regex capture groups are available. + */ + targetLabel?: string; +} + +/** + * HTTP scheme to use for scraping. + * + * + * `http` and `https` are the expected values unless you rewrite the + * `__scheme__` label via relabeling. + * + * + * If empty, Prometheus uses the default value `http`. + */ +export enum Scheme { + HTTP = "http", + HTTPS = "https", +} + +/** + * TLS configuration to use when scraping the target. + */ +export interface TLSConfig { + /** + * Certificate authority used when verifying server certificates. + */ + ca?: CA; + /** + * Client certificate to present when doing client-authentication. + */ + cert?: CERT; + /** + * Disable target certificate validation. + */ + insecureSkipVerify?: boolean; + /** + * Secret containing the client key file for the targets. + */ + keySecret?: KeySecret; + /** + * Used to verify the hostname for the targets. + */ + serverName?: string; +} + +/** + * Certificate authority used when verifying server certificates. + */ +export interface CA { + /** + * ConfigMap containing data to use for the targets. + */ + configMap?: CAConfigMap; + /** + * Secret containing data to use for the targets. 
+ */ + secret?: CASecret; +} + +/** + * ConfigMap containing data to use for the targets. + */ +export interface CAConfigMap { + /** + * The key to select. + */ + key: string; + /** + * Name of the referent. + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Add other useful fields. apiVersion, kind, uid? + */ + name?: string; + /** + * Specify whether the ConfigMap or its key must be defined + */ + optional?: boolean; +} + +/** + * Secret containing data to use for the targets. + */ +export interface CASecret { + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Add other useful fields. apiVersion, kind, uid? + */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; +} + +/** + * Client certificate to present when doing client-authentication. + */ +export interface CERT { + /** + * ConfigMap containing data to use for the targets. + */ + configMap?: CERTConfigMap; + /** + * Secret containing data to use for the targets. + */ + secret?: CERTSecret; +} + +/** + * ConfigMap containing data to use for the targets. + */ +export interface CERTConfigMap { + /** + * The key to select. + */ + key: string; + /** + * Name of the referent. + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Add other useful fields. apiVersion, kind, uid? + */ + name?: string; + /** + * Specify whether the ConfigMap or its key must be defined + */ + optional?: boolean; +} + +/** + * Secret containing data to use for the targets. + */ +export interface CERTSecret { + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. 
+ * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Add other useful fields. apiVersion, kind, uid? + */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; +} + +/** + * Secret containing the client key file for the targets. + */ +export interface KeySecret { + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Add other useful fields. apiVersion, kind, uid? + */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; +} + +/** + * ScrapeProtocol represents a protocol used by Prometheus for scraping metrics. + * Supported values are: + * * `OpenMetricsText0.0.1` + * * `OpenMetricsText1.0.0` + * * `PrometheusProto` + * * `PrometheusText0.0.4` + */ +export enum ScrapeProtocol { + OpenMetricsText001 = "OpenMetricsText0.0.1", + OpenMetricsText100 = "OpenMetricsText1.0.0", + PrometheusProto = "PrometheusProto", + PrometheusText004 = "PrometheusText0.0.4", +} + +/** + * Label selector to select the Kubernetes `Pod` objects. + */ +export interface Selector { + /** + * matchExpressions is a list of label selector requirements. The requirements are ANDed. + */ + matchExpressions?: MatchExpression[]; + /** + * matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + * map is equivalent to an element of matchExpressions, whose key field is "key", the + * operator is "In", and the values array contains only "value". The requirements are ANDed. + */ + matchLabels?: { [key: string]: string }; +} + +/** + * A label selector requirement is a selector that contains values, a key, and an operator + * that + * relates the key and values. 
+ */ +export interface MatchExpression { + /** + * key is the label key that the selector applies to. + */ + key: string; + /** + * operator represents a key's relationship to a set of values. + * Valid operators are In, NotIn, Exists and DoesNotExist. + */ + operator: string; + /** + * values is an array of string values. If the operator is In or NotIn, + * the values array must be non-empty. If the operator is Exists or DoesNotExist, + * the values array must be empty. This array is replaced during a strategic + * merge patch. + */ + values?: string[]; +} + +RegisterKind(PodMonitor, { + group: "monitoring.coreos.com", + version: "v1", + kind: "PodMonitor", +}); diff --git a/src/pepr/operator/crd/index.ts b/src/pepr/operator/crd/index.ts index 163b8387a..452259bac 100644 --- a/src/pepr/operator/crd/index.ts +++ b/src/pepr/operator/crd/index.ts @@ -2,8 +2,8 @@ export { Allow, Direction, Expose, - Monitor, Gateway, + Monitor, Phase, Status as PkgStatus, RemoteGenerated, @@ -20,17 +20,19 @@ export { } from "./generated/exemption-v1alpha1"; export { - VirtualService as IstioVirtualService, - HTTPRoute as IstioHTTPRoute, HTTP as IstioHTTP, + HTTPRoute as IstioHTTPRoute, + VirtualService as IstioVirtualService, } from "./generated/istio/virtualservice-v1beta1"; export { - ServiceEntry as IstioServiceEntry, - Location as IstioLocation, - Resolution as IstioResolution, Endpoint as IstioEndpoint, + Location as IstioLocation, Port as IstioPort, + Resolution as IstioResolution, + ServiceEntry as IstioServiceEntry, } from "./generated/istio/serviceentry-v1beta1"; -export * as Prometheus from "./generated/prometheus/servicemonitor-v1"; +export * as PrometheusPodMonitor from "./generated/prometheus/podmonitor-v1"; +export * as PrometheusServiceMonitor from "./generated/prometheus/servicemonitor-v1"; +// export * as Prometheus from "./generated/prometheus/servicemonitor-v1"; 
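Review bot: The last added line of the second `index.ts` hunk, `// export * as Prometheus from "./generated/prometheus/servicemonitor-v1";`, is a commented-out copy of the export this change replaces and should be deleted rather than committed. If the old `Prometheus` name still has importers outside this patch, a real alias with a `@deprecated` TSDoc tag would be clearer than a comment.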
diff --git a/src/pepr/operator/crd/sources/package/v1alpha1.ts b/src/pepr/operator/crd/sources/package/v1alpha1.ts index 93dfe87cd..46fa38b10 100644 --- a/src/pepr/operator/crd/sources/package/v1alpha1.ts +++ b/src/pepr/operator/crd/sources/package/v1alpha1.ts @@ -2,6 +2,40 @@ import { V1CustomResourceDefinitionVersion, V1JSONSchemaProps } from "@kubernete import { advancedHTTP } from "../istio/virtualservice-v1beta1"; +const AuthorizationSchema: V1JSONSchemaProps = { + description: "Authorization settings.", + type: "object", + properties: { + credentials: { + description: + "Selects a key of a Secret in the namespace that contains the credentials for authentication.", + type: "object", + properties: { + key: { + description: "The key of the secret to select from. Must be a valid secret key.", + type: "string", + }, + name: { + description: + "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + type: "string", + }, + optional: { + description: "Specify whether the Secret or its key must be defined", + type: "boolean", + }, + }, + required: ["key"], // Ensure key is required in the schema + }, + type: { + description: + 'Defines the authentication type. The value is case-insensitive. "Basic" is not a supported value. Default: "Bearer"', + type: "string", + }, + }, + required: ["credentials"], // Ensure credentials is required in the schema +}; + const allow = { description: "Allow specific traffic (namespace will have a default-deny policy)", type: "array", @@ -160,7 +194,7 @@ const expose = { } as V1JSONSchemaProps; const monitor = { - description: "Create Service Monitor configurations", + description: "Create Service or Pod Monitor configurations", type: "array", items: { type: "object", 
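Review bot: In `AuthorizationSchema`, `credentials` marks only `key` as required, so a Package can select a Secret key without naming the Secret. The `type` description says "Basic" is not supported, yet nothing in the schema rejects that value. If the operator has no use for a nameless selector, tighten it with `required: ["key", "name"]`. The `credentials` description could also state which namespace the Secret is read from, since this field lets a package author point the scraper at a stored credential.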
@@ -202,6 +236,12 @@ const monitor = { description: "HTTP path from which to scrape for metrics, defaults to `/metrics`", type: "string", }, + kind: { + description: + "The type of monitor to create; PodMonitor or ServiceMonitor. ServiceMonitor is the default.", + type: "string", + }, + authorization: AuthorizationSchema, }, }, }; diff --git a/src/pepr/operator/reconcilers/package-reconciler.ts b/src/pepr/operator/reconcilers/package-reconciler.ts index db636c2d5..1987beb24 100644 --- a/src/pepr/operator/reconcilers/package-reconciler.ts +++ b/src/pepr/operator/reconcilers/package-reconciler.ts @@ -5,6 +5,7 @@ import { UDSConfig } from "../../config"; import { enableInjection } from "../controllers/istio/injection"; import { istioResources } from "../controllers/istio/istio-resources"; import { keycloak } from "../controllers/keycloak/client-sync"; +import { podMonitor } from "../controllers/monitoring/pod-monitor"; import { serviceMonitor } from "../controllers/monitoring/service-monitor"; import { networkPolicies } from "../controllers/network/policies"; import { Phase, UDSPackage } from "../crd"; @@ -46,8 +47,16 @@ export async function packageReconciler(pkg: UDSPackage) { // Only configure the ServiceMonitors if not running in single test mode let monitors: string[] = []; if (!UDSConfig.isSingleTest) { - // Create the ServiceMonitor for each monitored service - monitors = await serviceMonitor(pkg, namespace!); + if (pkg.spec?.monitor) { + for (const monitor of pkg.spec.monitor) { + const monitorKind = monitor.kind || "ServiceMonitor"; // Default to "ServiceMonitor" if kind is undefined + if (monitorKind === "PodMonitor") { + monitors = await podMonitor(pkg, namespace!); + } else if (monitorKind === "ServiceMonitor") { + monitors = await serviceMonitor(pkg, namespace!); + } + } + } } else { Log.warn(`Running in single test mode, skipping ${name} ServiceMonitors.`); } 
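Review bot: The new `kind` property is declared as a free-form `type: "string"`, so a misspelled or differently cased value is accepted by the CRD schema. The reconciler change in this same patch has no branch for other values, so such an entry would produce no monitor and no error. Only two values are meaningful, so constrain the property with `enum: ["PodMonitor", "ServiceMonitor"]`. The `monitor` schema object begins and ends outside this hunk.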
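Review bot: Inside the new `for (const monitor of pkg.spec.monitor)` loop, `monitors = await …` replaces the array on every pass, so only the names returned by the last call are kept, and a `kind` matching neither string falls through without a log line. Both `podMonitor` and `serviceMonitor` receive the whole `pkg` rather than the loop's `monitor`; their bodies are not in this hunk, but if they walk `pkg.spec.monitor` themselves the same work is repeated once per entry. Provided each helper filters on `kind`, calling each once outside the loop and merging the results fixes both problems: `monitors = [...(await podMonitor(pkg, namespace!)), ...(await serviceMonitor(pkg, namespace!))];`. `packageReconciler` starts and ends outside the hunk.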
diff --git a/src/pepr/prometheus/index.ts b/src/pepr/prometheus/index.ts index bc471cac4..f19525c05 100644 --- a/src/pepr/prometheus/index.ts +++ b/src/pepr/prometheus/index.ts @@ -1,5 +1,5 @@ import { Capability, K8s, kind, Log } from "pepr"; -import { Prometheus } from "../operator/crd"; +import { PrometheusServiceMonitor } from "../operator/crd"; export const prometheus = new Capability({ name: "prometheus", @@ -11,7 +11,7 @@ const { When } = prometheus; /** * Mutate a service monitor to enable mTLS metrics */ -When(Prometheus.ServiceMonitor) +When(PrometheusServiceMonitor.ServiceMonitor) .IsCreatedOrUpdated() .Mutate(async sm => { // Provide an opt-out of mutation to handle complicated scenarios @@ -32,9 +32,9 @@ When(Prometheus.ServiceMonitor) keyFile: "/etc/prom-certs/key.pem", insecureSkipVerify: true, }; - const endpoints: Prometheus.Endpoint[] = sm.Raw.spec.endpoints; + const endpoints: PrometheusServiceMonitor.Endpoint[] = sm.Raw.spec.endpoints; endpoints.forEach(endpoint => { - endpoint.scheme = Prometheus.Scheme.HTTPS; + endpoint.scheme = PrometheusServiceMonitor.Scheme.HTTPS; endpoint.tlsConfig = tlsConfig; }); sm.Raw.spec.endpoints = endpoints; @@ -43,7 +43,7 @@ When(Prometheus.ServiceMonitor) } }); -async function isIstioInjected(sm: Prometheus.ServiceMonitor) { +async function isIstioInjected(sm: PrometheusServiceMonitor.ServiceMonitor) { const namespaces = sm.Raw.spec?.namespaceSelector?.matchNames || [sm.Raw.metadata?.namespace] || [ "default", ]; diff --git a/src/prometheus-stack/values/values.yaml b/src/prometheus-stack/values/values.yaml index 30d2b6559..a7ec8d3ee 100644 --- a/src/prometheus-stack/values/values.yaml +++ b/src/prometheus-stack/values/values.yaml 
@@ -24,6 +24,16 @@ prometheus: prometheusSpec: enableFeatures: - remote-write-receiver + additionalConfig: + scrapeClasses: + - name: istio-certs + default: true + tlsConfig: + caFile: /etc/prom-certs/root-cert.pem + certFile: /etc/prom-certs/cert-chain.pem + keyFile: /etc/prom-certs/key.pem + insecureSkipVerify: true + - name: exempt podMetadata: annotations: proxy.istio.io/config: | diff --git a/tasks.yaml b/tasks.yaml index d6976988a..89679576d 100644 --- a/tasks.yaml +++ b/tasks.yaml @@ -21,6 +21,13 @@ tasks: - description: "Build, deploy and test UDS Core" task: test-uds-core + - name: dev + actions: + - task: create:pepr-build + - description: "Full Slim Dev Deploy" + task: setup:create-k3d-cluster + - cmd: ./uds zarf dev deploy packages/slim-dev --flavor ${FLAVOR} + - name: dev-setup actions: - description: "Create the dev cluster" diff --git a/tasks/create.yaml b/tasks/create.yaml index 8a007935d..03ef21587 100644 --- a/tasks/create.yaml +++ b/tasks/create.yaml @@ -63,4 +63,4 @@ tasks: CUSTOM_PEPR_IMAGE=$( [ "${FLAVOR}" = "registry1" ] && echo "--custom-image ${REGISTRY1_PEPR_IMAGE}" ) || CUSTOM_PEPR_IMAGE="" rm -fr dist npm ci - npx pepr build $CUSTOM_PEPR_IMAGE + npx pepr build $CUSTOM_PEPR_IMAGE -z chart From c896ed7aca11804806de458e641cba71af4005bf Mon Sep 17 00:00:00 2001 From: Zachariah Miller Date: Thu, 27 Jun 2024 12:52:57 -0400 Subject: [PATCH 02/19] pepr monitoring updates and add exampt class to istio and prometheus pod monitors --- .../crd/generated/exemption-v1alpha1.ts | 15 +- .../crd/generated/package-v1alpha1.ts | 3 +- .../crd/generated/prometheus/podmonitor-v1.ts | 1451 ++++++++-------- .../generated/prometheus/servicemonitor-v1.ts | 1467 ++++++++++------- src/pepr/operator/crd/index.ts | 48 +- src/pepr/prometheus/index.ts | 10 +- src/pepr/tasks.yaml | 4 +- .../chart/templates/istio-monitor.yaml | 1 + .../templates/prometheus-pod-monitor.yaml | 1 + src/test/app-tenant.yaml | 78 + 10 files changed, 1720 insertions(+), 1358 deletions(-) 
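Review bot: The `istio-certs` scrape class is marked `default: true` and sets `insecureSkipVerify: true`, so every monitor that does not name another class is scraped without verifying the target's certificate, and `caFile` is configured but not used for that check. Nothing in the values file records why verification is off or when a monitor should select `exempt` instead. Add a comment above the class, for example `# default for mesh targets: presents the Istio client cert; server cert is NOT verified, see <link to design note>`. It is also worth checking whether verification against `caFile` can stay on for targets whose certificates allow it.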
diff --git a/src/pepr/operator/crd/generated/exemption-v1alpha1.ts b/src/pepr/operator/crd/generated/exemption-v1alpha1.ts index 32ba6c954..487c4961f 100644 --- a/src/pepr/operator/crd/generated/exemption-v1alpha1.ts +++ b/src/pepr/operator/crd/generated/exemption-v1alpha1.ts @@ -4,14 +4,13 @@ import { GenericKind, RegisterKind } from "kubernetes-fluent-client"; export class Exemption extends GenericKind { spec?: Spec; - status?: Status; } export interface Spec { /** * Policy exemptions */ - exemptions?: ExemptionElement[]; + exemptions: ExemptionElement[]; } export interface ExemptionElement { @@ -64,18 +63,6 @@ export enum Policy { RestrictVolumeTypes = "RestrictVolumeTypes", } -export interface Status { - observedGeneration?: number; - phase?: Phase; - titles?: string[]; -} - -export enum Phase { - Failed = "Failed", - Pending = "Pending", - Ready = "Ready", -} - RegisterKind(Exemption, { group: "uds.dev", version: "v1alpha1", diff --git a/src/pepr/operator/crd/generated/package-v1alpha1.ts b/src/pepr/operator/crd/generated/package-v1alpha1.ts index 3d14e1748..3874973b9 100644 --- a/src/pepr/operator/crd/generated/package-v1alpha1.ts +++ b/src/pepr/operator/crd/generated/package-v1alpha1.ts @@ -9,7 +9,7 @@ export class Package extends GenericKind { export interface Spec { /** - * Create Service Monitor configurations + * Create Service or Pod Monitor configurations */ monitor?: Monitor[]; /** @@ -585,6 +585,7 @@ export interface Status { networkPolicyCount?: number; observedGeneration?: number; phase?: Phase; + retryAttempt?: number; ssoClients?: string[]; } diff --git a/src/pepr/operator/crd/generated/prometheus/podmonitor-v1.ts b/src/pepr/operator/crd/generated/prometheus/podmonitor-v1.ts index 3ce5614f9..a6e9c3b7a 100644 --- a/src/pepr/operator/crd/generated/prometheus/podmonitor-v1.ts +++ b/src/pepr/operator/crd/generated/prometheus/podmonitor-v1.ts 
@@ -6,121 +6,121 @@ import { GenericKind, RegisterKind } from "kubernetes-fluent-client"; * PodMonitor defines monitoring for a set of pods. */ export class PodMonitor extends GenericKind { - /** - * Specification of desired Pod selection for target discovery by Prometheus. - */ - spec?: Spec; + /** + * Specification of desired Pod selection for target discovery by Prometheus. + */ + spec?: Spec; } /** * Specification of desired Pod selection for target discovery by Prometheus. */ export interface Spec { - /** - * `attachMetadata` defines additional metadata which is added to the - * discovered targets. - * - * - * It requires Prometheus >= v2.37.0. - */ - attachMetadata?: AttachMetadata; - /** - * When defined, bodySizeLimit specifies a job level limit on the size - * of uncompressed response body that will be accepted by Prometheus. - * - * - * It requires Prometheus >= v2.28.0. - */ - bodySizeLimit?: string; - /** - * The label to use to retrieve the job name from. - * `jobLabel` selects the label from the associated Kubernetes `Pod` - * object which will be used as the `job` label for all metrics. - * - * - * For example if `jobLabel` is set to `foo` and the Kubernetes `Pod` - * object is labeled with `foo: bar`, then Prometheus adds the `job="bar"` - * label to all ingested metrics. - * - * - * If the value of this field is empty, the `job` label of the metrics - * defaults to the namespace and name of the PodMonitor object (e.g. `/`). - */ - jobLabel?: string; - /** - * Per-scrape limit on the number of targets dropped by relabeling - * that will be kept in memory. 0 means no limit. - * - * - * It requires Prometheus >= v2.47.0. - */ - keepDroppedTargets?: number; - /** - * Per-scrape limit on number of labels that will be accepted for a sample. - * - * - * It requires Prometheus >= v2.27.0. - */ - labelLimit?: number; - /** - * Per-scrape limit on length of labels name that will be accepted for a sample. - * - * - * It requires Prometheus >= v2.27.0. 
- */ - labelNameLengthLimit?: number; - /** - * Per-scrape limit on length of labels value that will be accepted for a sample. - * - * - * It requires Prometheus >= v2.27.0. - */ - labelValueLengthLimit?: number; - /** - * Selector to select which namespaces the Kubernetes `Pods` objects - * are discovered from. - */ - namespaceSelector?: NamespaceSelector; - /** - * List of endpoints part of this PodMonitor. - */ - podMetricsEndpoints?: PodMetricsEndpoint[]; - /** - * `podTargetLabels` defines the labels which are transferred from the - * associated Kubernetes `Pod` object onto the ingested metrics. - */ - podTargetLabels?: string[]; - /** - * `sampleLimit` defines a per-scrape limit on the number of scraped samples - * that will be accepted. - */ - sampleLimit?: number; - /** - * The scrape class to apply. - */ - scrapeClass?: string; - /** - * `scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients - * the - * protocols supported by Prometheus in order of preference (from most to least - * preferred). - * - * - * If unset, Prometheus uses its default value. - * - * - * It requires Prometheus >= v2.49.0. - */ - scrapeProtocols?: ScrapeProtocol[]; - /** - * Label selector to select the Kubernetes `Pod` objects. - */ - selector: Selector; - /** - * `targetLimit` defines a limit on the number of scraped targets that will - * be accepted. - */ - targetLimit?: number; + /** + * `attachMetadata` defines additional metadata which is added to the + * discovered targets. + * + * + * It requires Prometheus >= v2.37.0. + */ + attachMetadata?: AttachMetadata; + /** + * When defined, bodySizeLimit specifies a job level limit on the size + * of uncompressed response body that will be accepted by Prometheus. + * + * + * It requires Prometheus >= v2.28.0. + */ + bodySizeLimit?: string; + /** + * The label to use to retrieve the job name from. 
+ * `jobLabel` selects the label from the associated Kubernetes `Pod` + * object which will be used as the `job` label for all metrics. + * + * + * For example if `jobLabel` is set to `foo` and the Kubernetes `Pod` + * object is labeled with `foo: bar`, then Prometheus adds the `job="bar"` + * label to all ingested metrics. + * + * + * If the value of this field is empty, the `job` label of the metrics + * defaults to the namespace and name of the PodMonitor object (e.g. `/`). + */ + jobLabel?: string; + /** + * Per-scrape limit on the number of targets dropped by relabeling + * that will be kept in memory. 0 means no limit. + * + * + * It requires Prometheus >= v2.47.0. + */ + keepDroppedTargets?: number; + /** + * Per-scrape limit on number of labels that will be accepted for a sample. + * + * + * It requires Prometheus >= v2.27.0. + */ + labelLimit?: number; + /** + * Per-scrape limit on length of labels name that will be accepted for a sample. + * + * + * It requires Prometheus >= v2.27.0. + */ + labelNameLengthLimit?: number; + /** + * Per-scrape limit on length of labels value that will be accepted for a sample. + * + * + * It requires Prometheus >= v2.27.0. + */ + labelValueLengthLimit?: number; + /** + * Selector to select which namespaces the Kubernetes `Pods` objects + * are discovered from. + */ + namespaceSelector?: NamespaceSelector; + /** + * List of endpoints part of this PodMonitor. + */ + podMetricsEndpoints?: PodMetricsEndpoint[]; + /** + * `podTargetLabels` defines the labels which are transferred from the + * associated Kubernetes `Pod` object onto the ingested metrics. + */ + podTargetLabels?: string[]; + /** + * `sampleLimit` defines a per-scrape limit on the number of scraped samples + * that will be accepted. + */ + sampleLimit?: number; + /** + * The scrape class to apply. + */ + scrapeClass?: string; + /** + * `scrapeProtocols` defines the protocols to negotiate during a scrape. 
It tells clients + * the + * protocols supported by Prometheus in order of preference (from most to least + * preferred). + * + * + * If unset, Prometheus uses its default value. + * + * + * It requires Prometheus >= v2.49.0. + */ + scrapeProtocols?: ScrapeProtocol[]; + /** + * Label selector to select the Kubernetes `Pod` objects. + */ + selector: Selector; + /** + * `targetLimit` defines a limit on the number of scraped targets that will + * be accepted. + */ + targetLimit?: number; } /** @@ -131,11 +131,11 @@ export interface Spec { * It requires Prometheus >= v2.37.0. */ export interface AttachMetadata { - /** - * When set to true, Prometheus must have the `get` permission on the - * `Nodes` objects. - */ - node?: boolean; + /** + * When set to true, Prometheus must have the `get` permission on the + * `Nodes` objects. + */ + node?: boolean; } /** @@ -143,15 +143,15 @@ export interface AttachMetadata { * are discovered from. */ export interface NamespaceSelector { - /** - * Boolean describing whether all namespaces are selected in contrast to a - * list restricting them. - */ - any?: boolean; - /** - * List of namespace names to select from. - */ - matchNames?: string[]; + /** + * Boolean describing whether all namespaces are selected in contrast to a + * list restricting them. + */ + any?: boolean; + /** + * List of namespace names to select from. + */ + matchNames?: string[]; } /** 
@@ -159,161 +159,161 @@ export interface NamespaceSelector { * Prometheus. */ export interface PodMetricsEndpoint { - /** - * `authorization` configures the Authorization header credentials to use when - * scraping the target. - * - * - * Cannot be set at the same time as `basicAuth`, or `oauth2`. - */ - authorization?: Authorization; - /** - * `basicAuth` configures the Basic Authentication credentials to use when - * scraping the target. - * - * - * Cannot be set at the same time as `authorization`, or `oauth2`. - */ - basicAuth?: BasicAuth; - /** - * `bearerTokenSecret` specifies a key of a Secret containing the bearer - * token for scraping targets. The secret needs to be in the same namespace - * as the PodMonitor object and readable by the Prometheus Operator. - * - * - * Deprecated: use `authorization` instead. - */ - bearerTokenSecret?: BearerTokenSecret; - /** - * `enableHttp2` can be used to disable HTTP2 when scraping the target. - */ - enableHttp2?: boolean; - /** - * When true, the pods which are not running (e.g. either in Failed or - * Succeeded state) are dropped during the target discovery. - * - * - * If unset, the filtering is enabled. - * - * - * More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase - */ - filterRunning?: boolean; - /** - * `followRedirects` defines whether the scrape requests should follow HTTP - * 3xx redirects. - */ - followRedirects?: boolean; - /** - * When true, `honorLabels` preserves the metric's labels when they collide - * with the target's labels. - */ - honorLabels?: boolean; - /** - * `honorTimestamps` controls whether Prometheus preserves the timestamps - * when exposed by the target. - */ - honorTimestamps?: boolean; - /** - * Interval at which Prometheus scrapes the metrics from the target. - * - * - * If empty, Prometheus uses the global scrape interval. 
- */ - interval?: string; - /** - * `metricRelabelings` configures the relabeling rules to apply to the - * samples before ingestion. - */ - metricRelabelings?: MetricRelabeling[]; - /** - * `oauth2` configures the OAuth2 settings to use when scraping the target. - * - * - * It requires Prometheus >= 2.27.0. - * - * - * Cannot be set at the same time as `authorization`, or `basicAuth`. - */ - oauth2?: Oauth2; - /** - * `params` define optional HTTP URL parameters. - */ - params?: { [key: string]: string[] }; - /** - * HTTP path from which to scrape for metrics. - * - * - * If empty, Prometheus uses the default value (e.g. `/metrics`). - */ - path?: string; - /** - * Name of the Pod port which this endpoint refers to. - * - * - * It takes precedence over `targetPort`. - */ - port?: string; - /** - * `proxyURL` configures the HTTP Proxy URL (e.g. - * "http://proxyserver:2195") to go through when scraping the target. - */ - proxyUrl?: string; - /** - * `relabelings` configures the relabeling rules to apply the target's - * metadata labels. - * - * - * The Operator automatically adds relabelings for a few standard Kubernetes fields. - * - * - * The original scrape job's name is available via the `__tmp_prometheus_job_name` label. - * - * - * More info: - * https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config - */ - relabelings?: Relabeling[]; - /** - * HTTP scheme to use for scraping. - * - * - * `http` and `https` are the expected values unless you rewrite the - * `__scheme__` label via relabeling. - * - * - * If empty, Prometheus uses the default value `http`. - */ - scheme?: Scheme; - /** - * Timeout after which Prometheus considers the scrape to be failed. - * - * - * If empty, Prometheus uses the global scrape timeout unless it is less - * than the target's scrape interval value in which the latter is used. 
- */ - scrapeTimeout?: string; - /** - * Name or number of the target port of the `Pod` object behind the Service, the - * port must be specified with container port property. - * - * - * Deprecated: use 'port' instead. - */ - targetPort?: number | string; - /** - * TLS configuration to use when scraping the target. - */ - tlsConfig?: TLSConfig; - /** - * `trackTimestampsStaleness` defines whether Prometheus tracks staleness of - * the metrics that have an explicit timestamp present in scraped data. - * Has no effect if `honorTimestamps` is false. - * - * - * It requires Prometheus >= v2.48.0. - */ - trackTimestampsStaleness?: boolean; + /** + * `authorization` configures the Authorization header credentials to use when + * scraping the target. + * + * + * Cannot be set at the same time as `basicAuth`, or `oauth2`. + */ + authorization?: Authorization; + /** + * `basicAuth` configures the Basic Authentication credentials to use when + * scraping the target. + * + * + * Cannot be set at the same time as `authorization`, or `oauth2`. + */ + basicAuth?: BasicAuth; + /** + * `bearerTokenSecret` specifies a key of a Secret containing the bearer + * token for scraping targets. The secret needs to be in the same namespace + * as the PodMonitor object and readable by the Prometheus Operator. + * + * + * Deprecated: use `authorization` instead. + */ + bearerTokenSecret?: BearerTokenSecret; + /** + * `enableHttp2` can be used to disable HTTP2 when scraping the target. + */ + enableHttp2?: boolean; + /** + * When true, the pods which are not running (e.g. either in Failed or + * Succeeded state) are dropped during the target discovery. + * + * + * If unset, the filtering is enabled. + * + * + * More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase + */ + filterRunning?: boolean; + /** + * `followRedirects` defines whether the scrape requests should follow HTTP + * 3xx redirects. 
+ */ + followRedirects?: boolean; + /** + * When true, `honorLabels` preserves the metric's labels when they collide + * with the target's labels. + */ + honorLabels?: boolean; + /** + * `honorTimestamps` controls whether Prometheus preserves the timestamps + * when exposed by the target. + */ + honorTimestamps?: boolean; + /** + * Interval at which Prometheus scrapes the metrics from the target. + * + * + * If empty, Prometheus uses the global scrape interval. + */ + interval?: string; + /** + * `metricRelabelings` configures the relabeling rules to apply to the + * samples before ingestion. + */ + metricRelabelings?: MetricRelabeling[]; + /** + * `oauth2` configures the OAuth2 settings to use when scraping the target. + * + * + * It requires Prometheus >= 2.27.0. + * + * + * Cannot be set at the same time as `authorization`, or `basicAuth`. + */ + oauth2?: Oauth2; + /** + * `params` define optional HTTP URL parameters. + */ + params?: { [key: string]: string[] }; + /** + * HTTP path from which to scrape for metrics. + * + * + * If empty, Prometheus uses the default value (e.g. `/metrics`). + */ + path?: string; + /** + * Name of the Pod port which this endpoint refers to. + * + * + * It takes precedence over `targetPort`. + */ + port?: string; + /** + * `proxyURL` configures the HTTP Proxy URL (e.g. + * "http://proxyserver:2195") to go through when scraping the target. + */ + proxyUrl?: string; + /** + * `relabelings` configures the relabeling rules to apply the target's + * metadata labels. + * + * + * The Operator automatically adds relabelings for a few standard Kubernetes fields. + * + * + * The original scrape job's name is available via the `__tmp_prometheus_job_name` label. + * + * + * More info: + * https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + */ + relabelings?: Relabeling[]; + /** + * HTTP scheme to use for scraping. 
+ * + * + * `http` and `https` are the expected values unless you rewrite the + * `__scheme__` label via relabeling. + * + * + * If empty, Prometheus uses the default value `http`. + */ + scheme?: Scheme; + /** + * Timeout after which Prometheus considers the scrape to be failed. + * + * + * If empty, Prometheus uses the global scrape timeout unless it is less + * than the target's scrape interval value in which the latter is used. + */ + scrapeTimeout?: string; + /** + * Name or number of the target port of the `Pod` object behind the Service, the + * port must be specified with container port property. + * + * + * Deprecated: use 'port' instead. + */ + targetPort?: number | string; + /** + * TLS configuration to use when scraping the target. + */ + tlsConfig?: TLSConfig; + /** + * `trackTimestampsStaleness` defines whether Prometheus tracks staleness of + * the metrics that have an explicit timestamp present in scraped data. + * Has no effect if `honorTimestamps` is false. + * + * + * It requires Prometheus >= v2.48.0. + */ + trackTimestampsStaleness?: boolean; } /** @@ -324,21 +324,21 @@ export interface PodMetricsEndpoint { * Cannot be set at the same time as `basicAuth`, or `oauth2`. */ export interface Authorization { - /** - * Selects a key of a Secret in the namespace that contains the credentials for - * authentication. - */ - credentials?: Credentials; - /** - * Defines the authentication type. The value is case-insensitive. - * - * - * "Basic" is not a supported value. - * - * - * Default: "Bearer" - */ - type?: string; + /** + * Selects a key of a Secret in the namespace that contains the credentials for + * authentication. + */ + credentials?: Credentials; + /** + * Defines the authentication type. The value is case-insensitive. + * + * + * "Basic" is not a supported value. + * + * + * Default: "Bearer" + */ + type?: string; } /** 
@@ -346,20 +346,25 @@ export interface Authorization { * authentication. */ export interface Credentials { - /** - * The key of the secret to select from. Must be a valid secret key. - */ - key: string; - /** - * Name of the referent. - * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Add other useful fields. apiVersion, kind, uid? - */ - name?: string; - /** - * Specify whether the Secret or its key must be defined - */ - optional?: boolean; + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; } /** @@ -370,16 +375,16 @@ export interface Credentials { * Cannot be set at the same time as `authorization`, or `oauth2`. */ export interface BasicAuth { - /** - * `password` specifies a key of a Secret containing the password for - * authentication. - */ - password?: Password; - /** - * `username` specifies a key of a Secret containing the username for - * authentication. - */ - username?: Username; + /** + * `password` specifies a key of a Secret containing the password for + * authentication. + */ + password?: Password; + /** + * `username` specifies a key of a Secret containing the username for + * authentication. + */ + username?: Username; } /** 
@@ -387,20 +392,25 @@ export interface BasicAuth { * authentication. */ export interface Password { - /** - * The key of the secret to select from. Must be a valid secret key. - */ - key: string; - /** - * Name of the referent. - * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Add other useful fields. apiVersion, kind, uid? - */ - name?: string; - /** - * Specify whether the Secret or its key must be defined - */ - optional?: boolean; + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; } /** 
@@ -408,20 +418,25 @@ export interface Password { * authentication. */ export interface Username { - /** - * The key of the secret to select from. Must be a valid secret key. - */ - key: string; - /** - * Name of the referent. - * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Add other useful fields. apiVersion, kind, uid? - */ - name?: string; - /** - * Specify whether the Secret or its key must be defined - */ - optional?: boolean; + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; } /** 
@@ -433,20 +448,25 @@ export interface Username { * Deprecated: use `authorization` instead. */ export interface BearerTokenSecret { - /** - * The key of the secret to select from. Must be a valid secret key. - */ - key: string; - /** - * Name of the referent. - * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Add other useful fields. apiVersion, kind, uid? - */ - name?: string; - /** - * Specify whether the Secret or its key must be defined - */ - optional?: boolean; + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; } /** 
@@ -458,57 +478,57 @@ export interface BearerTokenSecret { * https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config */ export interface MetricRelabeling { - /** - * Action to perform based on the regex matching. - * - * - * `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. - * `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - * - * - * Default: "Replace" - */ - action?: Action; - /** - * Modulus to take of the hash of the source label values. - * - * - * Only applicable when the action is `HashMod`. - */ - modulus?: number; - /** - * Regular expression against which the extracted value is matched. - */ - regex?: string; - /** - * Replacement value against which a Replace action is performed if the - * regular expression matches. - * - * - * Regex capture groups are available. - */ - replacement?: string; - /** - * Separator is the string between concatenated SourceLabels. - */ - separator?: string; - /** - * The source labels select values from existing labels. Their content is - * concatenated using the configured Separator and matched against the - * configured regular expression. - */ - sourceLabels?: string[]; - /** - * Label to which the resulting string is written in a replacement. - * - * - * It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, - * `KeepEqual` and `DropEqual` actions. - * - * - * Regex capture groups are available. - */ - targetLabel?: string; + /** + * Action to perform based on the regex matching. + * + * + * `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. + * `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. + * + * + * Default: "Replace" + */ + action?: Action; + /** + * Modulus to take of the hash of the source label values. + * + * + * Only applicable when the action is `HashMod`. + */ + modulus?: number; + /** + * Regular expression against which the extracted value is matched. 
+ */ + regex?: string; + /** + * Replacement value against which a Replace action is performed if the + * regular expression matches. + * + * + * Regex capture groups are available. + */ + replacement?: string; + /** + * Separator is the string between concatenated SourceLabels. + */ + separator?: string; + /** + * The source labels select values from existing labels. Their content is + * concatenated using the configured Separator and matched against the + * configured regular expression. + */ + sourceLabels?: string[]; + /** + * Label to which the resulting string is written in a replacement. + * + * + * It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, + * `KeepEqual` and `DropEqual` actions. + * + * + * Regex capture groups are available. + */ + targetLabel?: string; } /** 
@@ -522,28 +542,28 @@ export interface MetricRelabeling { * Default: "Replace" */ export enum Action { - ActionDrop = "Drop", - ActionKeep = "Keep", - ActionLowercase = "Lowercase", - ActionReplace = "Replace", - ActionUppercase = "Uppercase", - Drop = "drop", - DropEqual = "DropEqual", - Dropequal = "dropequal", - HashMod = "HashMod", - Hashmod = "hashmod", - Keep = "keep", - KeepEqual = "KeepEqual", - Keepequal = "keepequal", - LabelDrop = "LabelDrop", - LabelKeep = "LabelKeep", - LabelMap = "LabelMap", - Labeldrop = "labeldrop", - Labelkeep = "labelkeep", - Labelmap = "labelmap", - Lowercase = "lowercase", - Replace = "replace", - Uppercase = "uppercase", + ActionDrop = "Drop", + ActionKeep = "Keep", + ActionLowercase = "Lowercase", + ActionReplace = "Replace", + ActionUppercase = "Uppercase", + Drop = "drop", + DropEqual = "DropEqual", + Dropequal = "dropequal", + HashMod = "HashMod", + Hashmod = "hashmod", + Keep = "keep", + KeepEqual = "KeepEqual", + Keepequal = "keepequal", + LabelDrop = "LabelDrop", + LabelKeep = "LabelKeep", + LabelMap = "LabelMap", + Labeldrop = "labeldrop", + Labelkeep = "labelkeep", + Labelmap = "labelmap", + Lowercase = "lowercase", + Replace = "replace", + Uppercase = "uppercase", } /** 
@@ -556,29 +576,29 @@ export enum Action { * Cannot be set at the same time as `authorization`, or `basicAuth`. */ export interface Oauth2 { - /** - * `clientId` specifies a key of a Secret or ConfigMap containing the - * OAuth2 client's ID. - */ - clientId: ClientID; - /** - * `clientSecret` specifies a key of a Secret containing the OAuth2 - * client's secret. - */ - clientSecret: ClientSecret; - /** - * `endpointParams` configures the HTTP parameters to append to the token - * URL. - */ - endpointParams?: { [key: string]: string }; - /** - * `scopes` defines the OAuth2 scopes used for the token request. - */ - scopes?: string[]; - /** - * `tokenURL` configures the URL to fetch the token from. - */ - tokenUrl: string; + /** + * `clientId` specifies a key of a Secret or ConfigMap containing the + * OAuth2 client's ID. + */ + clientId: ClientID; + /** + * `clientSecret` specifies a key of a Secret containing the OAuth2 + * client's secret. + */ + clientSecret: ClientSecret; + /** + * `endpointParams` configures the HTTP parameters to append to the token + * URL. + */ + endpointParams?: { [key: string]: string }; + /** + * `scopes` defines the OAuth2 scopes used for the token request. + */ + scopes?: string[]; + /** + * `tokenURL` configures the URL to fetch the token from. + */ + tokenUrl: string; } /** 
@@ -586,54 +606,64 @@ export interface Oauth2 { * OAuth2 client's ID. */ export interface ClientID { - /** - * ConfigMap containing data to use for the targets. - */ - configMap?: ClientIDConfigMap; - /** - * Secret containing data to use for the targets. - */ - secret?: ClientIDSecret; + /** + * ConfigMap containing data to use for the targets. + */ + configMap?: ClientIDConfigMap; + /** + * Secret containing data to use for the targets. + */ + secret?: ClientIDSecret; } /** * ConfigMap containing data to use for the targets. */ export interface ClientIDConfigMap { - /** - * The key to select. - */ - key: string; - /** - * Name of the referent. - * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Add other useful fields. apiVersion, kind, uid? - */ - name?: string; - /** - * Specify whether the ConfigMap or its key must be defined - */ - optional?: boolean; + /** + * The key to select. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the ConfigMap or its key must be defined + */ + optional?: boolean; } /** * Secret containing data to use for the targets. */ export interface ClientIDSecret { - /** - * The key of the secret to select from. Must be a valid secret key. - */ - key: string; - /** - * Name of the referent. - * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Add other useful fields. apiVersion, kind, uid? 
- */ - name?: string; - /** - * Specify whether the Secret or its key must be defined - */ - optional?: boolean; + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; } /** 
@@ -641,20 +671,25 @@ export interface ClientIDSecret { * client's secret. */ export interface ClientSecret { - /** - * The key of the secret to select from. Must be a valid secret key. - */ - key: string; - /** - * Name of the referent. - * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Add other useful fields. apiVersion, kind, uid? - */ - name?: string; - /** - * Specify whether the Secret or its key must be defined - */ - optional?: boolean; + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; } /** 
@@ -666,57 +701,57 @@ export interface ClientSecret { * https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config */ export interface Relabeling { - /** - * Action to perform based on the regex matching. - * - * - * `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. - * `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - * - * - * Default: "Replace" - */ - action?: Action; - /** - * Modulus to take of the hash of the source label values. - * - * - * Only applicable when the action is `HashMod`. - */ - modulus?: number; - /** - * Regular expression against which the extracted value is matched. - */ - regex?: string; - /** - * Replacement value against which a Replace action is performed if the - * regular expression matches. - * - * - * Regex capture groups are available. - */ - replacement?: string; - /** - * Separator is the string between concatenated SourceLabels. - */ - separator?: string; - /** - * The source labels select values from existing labels. Their content is - * concatenated using the configured Separator and matched against the - * configured regular expression. - */ - sourceLabels?: string[]; - /** - * Label to which the resulting string is written in a replacement. - * - * - * It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, - * `KeepEqual` and `DropEqual` actions. - * - * - * Regex capture groups are available. - */ - targetLabel?: string; + /** + * Action to perform based on the regex matching. + * + * + * `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. + * `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. + * + * + * Default: "Replace" + */ + action?: Action; + /** + * Modulus to take of the hash of the source label values. + * + * + * Only applicable when the action is `HashMod`. + */ + modulus?: number; + /** + * Regular expression against which the extracted value is matched. 
+ */ + regex?: string; + /** + * Replacement value against which a Replace action is performed if the + * regular expression matches. + * + * + * Regex capture groups are available. + */ + replacement?: string; + /** + * Separator is the string between concatenated SourceLabels. + */ + separator?: string; + /** + * The source labels select values from existing labels. Their content is + * concatenated using the configured Separator and matched against the + * configured regular expression. + */ + sourceLabels?: string[]; + /** + * Label to which the resulting string is written in a replacement. + * + * + * It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, + * `KeepEqual` and `DropEqual` actions. + * + * + * Regex capture groups are available. + */ + targetLabel?: string; } /** 
@@ -730,162 +765,187 @@ export interface Relabeling { * If empty, Prometheus uses the default value `http`. */ export enum Scheme { - HTTP = "http", - HTTPS = "https", + HTTP = "http", + HTTPS = "https", } /** * TLS configuration to use when scraping the target. */ export interface TLSConfig { - /** - * Certificate authority used when verifying server certificates. - */ - ca?: CA; - /** - * Client certificate to present when doing client-authentication. - */ - cert?: CERT; - /** - * Disable target certificate validation. - */ - insecureSkipVerify?: boolean; - /** - * Secret containing the client key file for the targets. - */ - keySecret?: KeySecret; - /** - * Used to verify the hostname for the targets. - */ - serverName?: string; + /** + * Certificate authority used when verifying server certificates. + */ + ca?: CA; + /** + * Client certificate to present when doing client-authentication. + */ + cert?: CERT; + /** + * Disable target certificate validation. + */ + insecureSkipVerify?: boolean; + /** + * Secret containing the client key file for the targets. + */ + keySecret?: KeySecret; + /** + * Used to verify the hostname for the targets. + */ + serverName?: string; } /** * Certificate authority used when verifying server certificates. */ export interface CA { - /** - * ConfigMap containing data to use for the targets. - */ - configMap?: CAConfigMap; - /** - * Secret containing data to use for the targets. - */ - secret?: CASecret; + /** + * ConfigMap containing data to use for the targets. + */ + configMap?: CAConfigMap; + /** + * Secret containing data to use for the targets. + */ + secret?: CASecret; } /** * ConfigMap containing data to use for the targets. */ export interface CAConfigMap { - /** - * The key to select. - */ - key: string; - /** - * Name of the referent. - * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Add other useful fields. apiVersion, kind, uid? 
- */ - name?: string; - /** - * Specify whether the ConfigMap or its key must be defined - */ - optional?: boolean; + /** + * The key to select. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the ConfigMap or its key must be defined + */ + optional?: boolean; } /** * Secret containing data to use for the targets. */ export interface CASecret { - /** - * The key of the secret to select from. Must be a valid secret key. - */ - key: string; - /** - * Name of the referent. - * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Add other useful fields. apiVersion, kind, uid? - */ - name?: string; - /** - * Specify whether the Secret or its key must be defined - */ - optional?: boolean; + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
+ */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; } /** * Client certificate to present when doing client-authentication. */ export interface CERT { - /** - * ConfigMap containing data to use for the targets. - */ - configMap?: CERTConfigMap; - /** - * Secret containing data to use for the targets. - */ - secret?: CERTSecret; + /** + * ConfigMap containing data to use for the targets. + */ + configMap?: CERTConfigMap; + /** + * Secret containing data to use for the targets. + */ + secret?: CERTSecret; } /** * ConfigMap containing data to use for the targets. */ export interface CERTConfigMap { - /** - * The key to select. - */ - key: string; - /** - * Name of the referent. - * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Add other useful fields. apiVersion, kind, uid? - */ - name?: string; - /** - * Specify whether the ConfigMap or its key must be defined - */ - optional?: boolean; + /** + * The key to select. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the ConfigMap or its key must be defined + */ + optional?: boolean; } /** * Secret containing data to use for the targets. */ export interface CERTSecret { - /** - * The key of the secret to select from. Must be a valid secret key. - */ - key: string; - /** - * Name of the referent. 
- * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Add other useful fields. apiVersion, kind, uid? - */ - name?: string; - /** - * Specify whether the Secret or its key must be defined - */ - optional?: boolean; + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; } /** * Secret containing the client key file for the targets. */ export interface KeySecret { - /** - * The key of the secret to select from. Must be a valid secret key. - */ - key: string; - /** - * Name of the referent. - * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Add other useful fields. apiVersion, kind, uid? - */ - name?: string; - /** - * Specify whether the Secret or its key must be defined - */ - optional?: boolean; + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? 
+ * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; } /** @@ -897,26 +957,26 @@ export interface KeySecret { * * `PrometheusText0.0.4` */ export enum ScrapeProtocol { - OpenMetricsText001 = "OpenMetricsText0.0.1", - OpenMetricsText100 = "OpenMetricsText1.0.0", - PrometheusProto = "PrometheusProto", - PrometheusText004 = "PrometheusText0.0.4", + OpenMetricsText001 = "OpenMetricsText0.0.1", + OpenMetricsText100 = "OpenMetricsText1.0.0", + PrometheusProto = "PrometheusProto", + PrometheusText004 = "PrometheusText0.0.4", } /** * Label selector to select the Kubernetes `Pod` objects. */ export interface Selector { - /** - * matchExpressions is a list of label selector requirements. The requirements are ANDed. - */ - matchExpressions?: MatchExpression[]; - /** - * matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - * map is equivalent to an element of matchExpressions, whose key field is "key", the - * operator is "In", and the values array contains only "value". The requirements are ANDed. - */ - matchLabels?: { [key: string]: string }; + /** + * matchExpressions is a list of label selector requirements. The requirements are ANDed. + */ + matchExpressions?: MatchExpression[]; + /** + * matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + * map is equivalent to an element of matchExpressions, whose key field is "key", the + * operator is "In", and the values array contains only "value". The requirements are ANDed. + */ + matchLabels?: { [key: string]: string }; } /** 
@@ -925,26 +985,27 @@ export interface Selector { * relates the key and values. */ export interface MatchExpression { - /** - * key is the label key that the selector applies to. - */ - key: string; - /** - * operator represents a key's relationship to a set of values. - * Valid operators are In, NotIn, Exists and DoesNotExist. - */ - operator: string; - /** - * values is an array of string values. If the operator is In or NotIn, - * the values array must be non-empty. If the operator is Exists or DoesNotExist, - * the values array must be empty. This array is replaced during a strategic - * merge patch. - */ - values?: string[]; + /** + * key is the label key that the selector applies to. + */ + key: string; + /** + * operator represents a key's relationship to a set of values. + * Valid operators are In, NotIn, Exists and DoesNotExist. + */ + operator: string; + /** + * values is an array of string values. If the operator is In or NotIn, + * the values array must be non-empty. If the operator is Exists or DoesNotExist, + * the values array must be empty. This array is replaced during a strategic + * merge patch. + */ + values?: string[]; } RegisterKind(PodMonitor, { group: "monitoring.coreos.com", version: "v1", kind: "PodMonitor", -}); + plural: "podmonitors", +}); \ No newline at end of file diff --git a/src/pepr/operator/crd/generated/prometheus/servicemonitor-v1.ts b/src/pepr/operator/crd/generated/prometheus/servicemonitor-v1.ts index 4d776ccd4..3e4bd1a06 100644 --- a/src/pepr/operator/crd/generated/prometheus/servicemonitor-v1.ts +++ b/src/pepr/operator/crd/generated/prometheus/servicemonitor-v1.ts 
@@ -6,242 +6,334 @@ import { GenericKind, RegisterKind } from "kubernetes-fluent-client"; * ServiceMonitor defines monitoring for a set of services. */ export class ServiceMonitor extends GenericKind { - /** - * Specification of desired Service selection for target discovery by Prometheus. - */ - spec?: Spec; + /** + * Specification of desired Service selection for target discovery by + * Prometheus. + */ + spec?: Spec; } /** - * Specification of desired Service selection for target discovery by Prometheus. + * Specification of desired Service selection for target discovery by + * Prometheus. */ export interface Spec { - /** - * `attachMetadata` defines additional metadata which is added to the discovered targets. - * It requires Prometheus >= v2.37.0. - */ - attachMetadata?: AttachMetadata; - /** - * List of endpoints part of this ServiceMonitor. - */ - endpoints?: Endpoint[]; - /** - * `jobLabel` selects the label from the associated Kubernetes `Service` object which will - * be used as the `job` label for all metrics. - * For example if `jobLabel` is set to `foo` and the Kubernetes `Service` object is labeled - * with `foo: bar`, then Prometheus adds the `job="bar"` label to all ingested metrics. - * If the value of this field is empty or if the label doesn't exist for the given Service, - * the `job` label of the metrics defaults to the name of the associated Kubernetes - * `Service`. - */ - jobLabel?: string; - /** - * Per-scrape limit on the number of targets dropped by relabeling that will be kept in - * memory. 0 means no limit. - * It requires Prometheus >= v2.47.0. - */ - keepDroppedTargets?: number; - /** - * Per-scrape limit on number of labels that will be accepted for a sample. - * It requires Prometheus >= v2.27.0. - */ - labelLimit?: number; - /** - * Per-scrape limit on length of labels name that will be accepted for a sample. - * It requires Prometheus >= v2.27.0. 
- */ - labelNameLengthLimit?: number; - /** - * Per-scrape limit on length of labels value that will be accepted for a sample. - * It requires Prometheus >= v2.27.0. - */ - labelValueLengthLimit?: number; - /** - * Selector to select which namespaces the Kubernetes `Endpoints` objects are discovered - * from. - */ - namespaceSelector?: NamespaceSelector; - /** - * `podTargetLabels` defines the labels which are transferred from the associated Kubernetes - * `Pod` object onto the ingested metrics. - */ - podTargetLabels?: string[]; - /** - * `sampleLimit` defines a per-scrape limit on the number of scraped samples that will be - * accepted. - */ - sampleLimit?: number; - /** - * Label selector to select the Kubernetes `Endpoints` objects. - */ - selector: Selector; - /** - * `targetLabels` defines the labels which are transferred from the associated Kubernetes - * `Service` object onto the ingested metrics. - */ - targetLabels?: string[]; - /** - * `targetLimit` defines a limit on the number of scraped targets that will be accepted. - */ - targetLimit?: number; + /** + * `attachMetadata` defines additional metadata which is added to the + * discovered targets. + * + * + * It requires Prometheus >= v2.37.0. + */ + attachMetadata?: AttachMetadata; + /** + * When defined, bodySizeLimit specifies a job level limit on the size + * of uncompressed response body that will be accepted by Prometheus. + * + * + * It requires Prometheus >= v2.28.0. + */ + bodySizeLimit?: string; + /** + * List of endpoints part of this ServiceMonitor. + */ + endpoints?: Endpoint[]; + /** + * `jobLabel` selects the label from the associated Kubernetes `Service` + * object which will be used as the `job` label for all metrics. + * + * + * For example if `jobLabel` is set to `foo` and the Kubernetes `Service` + * object is labeled with `foo: bar`, then Prometheus adds the `job="bar"` + * label to all ingested metrics. 
+ * + * + * If the value of this field is empty or if the label doesn't exist for + * the given Service, the `job` label of the metrics defaults to the name + * of the associated Kubernetes `Service`. + */ + jobLabel?: string; + /** + * Per-scrape limit on the number of targets dropped by relabeling + * that will be kept in memory. 0 means no limit. + * + * + * It requires Prometheus >= v2.47.0. + */ + keepDroppedTargets?: number; + /** + * Per-scrape limit on number of labels that will be accepted for a sample. + * + * + * It requires Prometheus >= v2.27.0. + */ + labelLimit?: number; + /** + * Per-scrape limit on length of labels name that will be accepted for a sample. + * + * + * It requires Prometheus >= v2.27.0. + */ + labelNameLengthLimit?: number; + /** + * Per-scrape limit on length of labels value that will be accepted for a sample. + * + * + * It requires Prometheus >= v2.27.0. + */ + labelValueLengthLimit?: number; + /** + * Selector to select which namespaces the Kubernetes `Endpoints` objects + * are discovered from. + */ + namespaceSelector?: NamespaceSelector; + /** + * `podTargetLabels` defines the labels which are transferred from the + * associated Kubernetes `Pod` object onto the ingested metrics. + */ + podTargetLabels?: string[]; + /** + * `sampleLimit` defines a per-scrape limit on the number of scraped samples + * that will be accepted. + */ + sampleLimit?: number; + /** + * The scrape class to apply. + */ + scrapeClass?: string; + /** + * `scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients + * the + * protocols supported by Prometheus in order of preference (from most to least + * preferred). + * + * + * If unset, Prometheus uses its default value. + * + * + * It requires Prometheus >= v2.49.0. + */ + scrapeProtocols?: ScrapeProtocol[]; + /** + * Label selector to select the Kubernetes `Endpoints` objects. 
+ */ + selector: Selector; + /** + * `targetLabels` defines the labels which are transferred from the + * associated Kubernetes `Service` object onto the ingested metrics. + */ + targetLabels?: string[]; + /** + * `targetLimit` defines a limit on the number of scraped targets that will + * be accepted. + */ + targetLimit?: number; } /** - * `attachMetadata` defines additional metadata which is added to the discovered targets. + * `attachMetadata` defines additional metadata which is added to the + * discovered targets. + * + * * It requires Prometheus >= v2.37.0. */ export interface AttachMetadata { - /** - * When set to true, Prometheus must have the `get` permission on the `Nodes` objects. - */ - node?: boolean; + /** + * When set to true, Prometheus must have the `get` permission on the + * `Nodes` objects. + */ + node?: boolean; } /** - * Endpoint defines an endpoint serving Prometheus metrics to be scraped by Prometheus. + * Endpoint defines an endpoint serving Prometheus metrics to be scraped by + * Prometheus. */ export interface Endpoint { - /** - * `authorization` configures the Authorization header credentials to use when scraping the - * target. - * Cannot be set at the same time as `basicAuth`, or `oauth2`. - */ - authorization?: Authorization; - /** - * `basicAuth` configures the Basic Authentication credentials to use when scraping the - * target. - * Cannot be set at the same time as `authorization`, or `oauth2`. - */ - basicAuth?: BasicAuth; - /** - * File to read bearer token for scraping the target. - * Deprecated: use `authorization` instead. - */ - bearerTokenFile?: string; - /** - * `bearerTokenSecret` specifies a key of a Secret containing the bearer token for scraping - * targets. The secret needs to be in the same namespace as the ServiceMonitor object and - * readable by the Prometheus Operator. - * Deprecated: use `authorization` instead. 
- */ - bearerTokenSecret?: BearerTokenSecret; - /** - * `enableHttp2` can be used to disable HTTP2 when scraping the target. - */ - enableHttp2?: boolean; - /** - * When true, the pods which are not running (e.g. either in Failed or Succeeded state) are - * dropped during the target discovery. - * If unset, the filtering is enabled. - * More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase - */ - filterRunning?: boolean; - /** - * `followRedirects` defines whether the scrape requests should follow HTTP 3xx redirects. - */ - followRedirects?: boolean; - /** - * When true, `honorLabels` preserves the metric's labels when they collide with the - * target's labels. - */ - honorLabels?: boolean; - /** - * `honorTimestamps` controls whether Prometheus preserves the timestamps when exposed by - * the target. - */ - honorTimestamps?: boolean; - /** - * Interval at which Prometheus scrapes the metrics from the target. - * If empty, Prometheus uses the global scrape interval. - */ - interval?: string; - /** - * `metricRelabelings` configures the relabeling rules to apply to the samples before - * ingestion. - */ - metricRelabelings?: MetricRelabeling[]; - /** - * `oauth2` configures the OAuth2 settings to use when scraping the target. - * It requires Prometheus >= 2.27.0. - * Cannot be set at the same time as `authorization`, or `basicAuth`. - */ - oauth2?: Oauth2; - /** - * params define optional HTTP URL parameters. - */ - params?: { [key: string]: string[] }; - /** - * HTTP path from which to scrape for metrics. - * If empty, Prometheus uses the default value (e.g. `/metrics`). - */ - path?: string; - /** - * Name of the Service port which this endpoint refers to. - * It takes precedence over `targetPort`. - */ - port?: string; - /** - * `proxyURL` configures the HTTP Proxy URL (e.g. "http://proxyserver:2195") to go through - * when scraping the target. 
- */ - proxyUrl?: string; - /** - * `relabelings` configures the relabeling rules to apply the target's metadata labels. - * The Operator automatically adds relabelings for a few standard Kubernetes fields. - * The original scrape job's name is available via the `__tmp_prometheus_job_name` label. - * More info: - * https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config - */ - relabelings?: Relabeling[]; - /** - * HTTP scheme to use for scraping. - * `http` and `https` are the expected values unless you rewrite the `__scheme__` label via - * relabeling. - * If empty, Prometheus uses the default value `http`. - */ - scheme?: Scheme; - /** - * Timeout after which Prometheus considers the scrape to be failed. - * If empty, Prometheus uses the global scrape timeout unless it is less than the target's - * scrape interval value in which the latter is used. - */ - scrapeTimeout?: string; - /** - * Name or number of the target port of the `Pod` object behind the Service, the port must - * be specified with container port property. - * Deprecated: use `port` instead. - */ - targetPort?: number | string; - /** - * TLS configuration to use when scraping the target. - */ - tlsConfig?: TLSConfig; - /** - * `trackTimestampsStaleness` defines whether Prometheus tracks staleness of the metrics - * that have an explicit timestamp present in scraped data. Has no effect if - * `honorTimestamps` is false. - * It requires Prometheus >= v2.48.0. - */ - trackTimestampsStaleness?: boolean; + /** + * `authorization` configures the Authorization header credentials to use when + * scraping the target. + * + * + * Cannot be set at the same time as `basicAuth`, or `oauth2`. + */ + authorization?: Authorization; + /** + * `basicAuth` configures the Basic Authentication credentials to use when + * scraping the target. + * + * + * Cannot be set at the same time as `authorization`, or `oauth2`. 
+ */ + basicAuth?: BasicAuth; + /** + * File to read bearer token for scraping the target. + * + * + * Deprecated: use `authorization` instead. + */ + bearerTokenFile?: string; + /** + * `bearerTokenSecret` specifies a key of a Secret containing the bearer + * token for scraping targets. The secret needs to be in the same namespace + * as the ServiceMonitor object and readable by the Prometheus Operator. + * + * + * Deprecated: use `authorization` instead. + */ + bearerTokenSecret?: BearerTokenSecret; + /** + * `enableHttp2` can be used to disable HTTP2 when scraping the target. + */ + enableHttp2?: boolean; + /** + * When true, the pods which are not running (e.g. either in Failed or + * Succeeded state) are dropped during the target discovery. + * + * + * If unset, the filtering is enabled. + * + * + * More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase + */ + filterRunning?: boolean; + /** + * `followRedirects` defines whether the scrape requests should follow HTTP + * 3xx redirects. + */ + followRedirects?: boolean; + /** + * When true, `honorLabels` preserves the metric's labels when they collide + * with the target's labels. + */ + honorLabels?: boolean; + /** + * `honorTimestamps` controls whether Prometheus preserves the timestamps + * when exposed by the target. + */ + honorTimestamps?: boolean; + /** + * Interval at which Prometheus scrapes the metrics from the target. + * + * + * If empty, Prometheus uses the global scrape interval. + */ + interval?: string; + /** + * `metricRelabelings` configures the relabeling rules to apply to the + * samples before ingestion. + */ + metricRelabelings?: MetricRelabeling[]; + /** + * `oauth2` configures the OAuth2 settings to use when scraping the target. + * + * + * It requires Prometheus >= 2.27.0. + * + * + * Cannot be set at the same time as `authorization`, or `basicAuth`. + */ + oauth2?: Oauth2; + /** + * params define optional HTTP URL parameters. 
+ */ + params?: { [key: string]: string[] }; + /** + * HTTP path from which to scrape for metrics. + * + * + * If empty, Prometheus uses the default value (e.g. `/metrics`). + */ + path?: string; + /** + * Name of the Service port which this endpoint refers to. + * + * + * It takes precedence over `targetPort`. + */ + port?: string; + /** + * `proxyURL` configures the HTTP Proxy URL (e.g. + * "http://proxyserver:2195") to go through when scraping the target. + */ + proxyUrl?: string; + /** + * `relabelings` configures the relabeling rules to apply the target's + * metadata labels. + * + * + * The Operator automatically adds relabelings for a few standard Kubernetes fields. + * + * + * The original scrape job's name is available via the `__tmp_prometheus_job_name` label. + * + * + * More info: + * https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + */ + relabelings?: Relabeling[]; + /** + * HTTP scheme to use for scraping. + * + * + * `http` and `https` are the expected values unless you rewrite the + * `__scheme__` label via relabeling. + * + * + * If empty, Prometheus uses the default value `http`. + */ + scheme?: Scheme; + /** + * Timeout after which Prometheus considers the scrape to be failed. + * + * + * If empty, Prometheus uses the global scrape timeout unless it is less + * than the target's scrape interval value in which the latter is used. + */ + scrapeTimeout?: string; + /** + * Name or number of the target port of the `Pod` object behind the + * Service. The port must be specified with the container's port property. + */ + targetPort?: number | string; + /** + * TLS configuration to use when scraping the target. + */ + tlsConfig?: TLSConfig; + /** + * `trackTimestampsStaleness` defines whether Prometheus tracks staleness of + * the metrics that have an explicit timestamp present in scraped data. + * Has no effect if `honorTimestamps` is false. + * + * + * It requires Prometheus >= v2.48.0. 
+ */ + trackTimestampsStaleness?: boolean; } /** - * `authorization` configures the Authorization header credentials to use when scraping the - * target. + * `authorization` configures the Authorization header credentials to use when + * scraping the target. + * + * * Cannot be set at the same time as `basicAuth`, or `oauth2`. */ export interface Authorization { - /** - * Selects a key of a Secret in the namespace that contains the credentials for - * authentication. - */ - credentials?: Credentials; - /** - * Defines the authentication type. The value is case-insensitive. - * "Basic" is not a supported value. - * Default: "Bearer" - */ - type?: string; + /** + * Selects a key of a Secret in the namespace that contains the credentials for + * authentication. + */ + credentials?: Credentials; + /** + * Defines the authentication type. The value is case-insensitive. + * + * + * "Basic" is not a supported value. + * + * + * Default: "Bearer" + */ + type?: string; } /** 
@@ -249,561 +341,694 @@ export interface Authorization { * authentication. */ export interface Credentials { - /** - * The key of the secret to select from. Must be a valid secret key. - */ - key: string; - /** - * Name of the referent. More info: - * https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add - * other useful fields. apiVersion, kind, uid? - */ - name?: string; - /** - * Specify whether the Secret or its key must be defined - */ - optional?: boolean; + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; } /** - * `basicAuth` configures the Basic Authentication credentials to use when scraping the - * target. + * `basicAuth` configures the Basic Authentication credentials to use when + * scraping the target. + * + * * Cannot be set at the same time as `authorization`, or `oauth2`. */ export interface BasicAuth { - /** - * `password` specifies a key of a Secret containing the password for authentication. - */ - password?: Password; - /** - * `username` specifies a key of a Secret containing the username for authentication. - */ - username?: Username; + /** + * `password` specifies a key of a Secret containing the password for + * authentication. + */ + password?: Password; + /** + * `username` specifies a key of a Secret containing the username for + * authentication. 
+ */ + username?: Username; } /** - * `password` specifies a key of a Secret containing the password for authentication. + * `password` specifies a key of a Secret containing the password for + * authentication. */ export interface Password { - /** - * The key of the secret to select from. Must be a valid secret key. - */ - key: string; - /** - * Name of the referent. More info: - * https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add - * other useful fields. apiVersion, kind, uid? - */ - name?: string; - /** - * Specify whether the Secret or its key must be defined - */ - optional?: boolean; + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; } /** - * `username` specifies a key of a Secret containing the username for authentication. + * `username` specifies a key of a Secret containing the username for + * authentication. */ export interface Username { - /** - * The key of the secret to select from. Must be a valid secret key. - */ - key: string; - /** - * Name of the referent. More info: - * https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add - * other useful fields. apiVersion, kind, uid? 
- */ - name?: string; - /** - * Specify whether the Secret or its key must be defined - */ - optional?: boolean; + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; } /** - * `bearerTokenSecret` specifies a key of a Secret containing the bearer token for scraping - * targets. The secret needs to be in the same namespace as the ServiceMonitor object and - * readable by the Prometheus Operator. + * `bearerTokenSecret` specifies a key of a Secret containing the bearer + * token for scraping targets. The secret needs to be in the same namespace + * as the ServiceMonitor object and readable by the Prometheus Operator. + * + * * Deprecated: use `authorization` instead. */ export interface BearerTokenSecret { - /** - * The key of the secret to select from. Must be a valid secret key. - */ - key: string; - /** - * Name of the referent. More info: - * https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add - * other useful fields. apiVersion, kind, uid? - */ - name?: string; - /** - * Specify whether the Secret or its key must be defined - */ - optional?: boolean; + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. 
Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; } /** - * RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped - * samples and remote write samples. + * RelabelConfig allows dynamic rewriting of the label set for targets, alerts, + * scraped samples and remote write samples. + * + * * More info: * https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config */ export interface MetricRelabeling { - /** - * Action to perform based on the regex matching. - * `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and - * `KeepEqual` actions require Prometheus >= v2.41.0. - * Default: "Replace" - */ - action?: Action; - /** - * Modulus to take of the hash of the source label values. - * Only applicable when the action is `HashMod`. - */ - modulus?: number; - /** - * Regular expression against which the extracted value is matched. - */ - regex?: string; - /** - * Replacement value against which a Replace action is performed if the regular expression - * matches. - * Regex capture groups are available. - */ - replacement?: string; - /** - * Separator is the string between concatenated SourceLabels. - */ - separator?: string; - /** - * The source labels select values from existing labels. Their content is concatenated using - * the configured Separator and matched against the configured regular expression. - */ - sourceLabels?: string[]; - /** - * Label to which the resulting string is written in a replacement. 
- * It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and - * `DropEqual` actions. - * Regex capture groups are available. - */ - targetLabel?: string; + /** + * Action to perform based on the regex matching. + * + * + * `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. + * `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. + * + * + * Default: "Replace" + */ + action?: Action; + /** + * Modulus to take of the hash of the source label values. + * + * + * Only applicable when the action is `HashMod`. + */ + modulus?: number; + /** + * Regular expression against which the extracted value is matched. + */ + regex?: string; + /** + * Replacement value against which a Replace action is performed if the + * regular expression matches. + * + * + * Regex capture groups are available. + */ + replacement?: string; + /** + * Separator is the string between concatenated SourceLabels. + */ + separator?: string; + /** + * The source labels select values from existing labels. Their content is + * concatenated using the configured Separator and matched against the + * configured regular expression. + */ + sourceLabels?: string[]; + /** + * Label to which the resulting string is written in a replacement. + * + * + * It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, + * `KeepEqual` and `DropEqual` actions. + * + * + * Regex capture groups are available. + */ + targetLabel?: string; } /** * Action to perform based on the regex matching. - * `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and - * `KeepEqual` actions require Prometheus >= v2.41.0. + * + * + * `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. + * `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. 
+ * + * * Default: "Replace" */ export enum Action { - ActionDrop = "Drop", - ActionKeep = "Keep", - ActionLowercase = "Lowercase", - ActionReplace = "Replace", - ActionUppercase = "Uppercase", - Drop = "drop", - DropEqual = "DropEqual", - Dropequal = "dropequal", - HashMod = "HashMod", - Hashmod = "hashmod", - Keep = "keep", - KeepEqual = "KeepEqual", - Keepequal = "keepequal", - LabelDrop = "LabelDrop", - LabelKeep = "LabelKeep", - LabelMap = "LabelMap", - Labeldrop = "labeldrop", - Labelkeep = "labelkeep", - Labelmap = "labelmap", - Lowercase = "lowercase", - Replace = "replace", - Uppercase = "uppercase", + ActionDrop = "Drop", + ActionKeep = "Keep", + ActionLowercase = "Lowercase", + ActionReplace = "Replace", + ActionUppercase = "Uppercase", + Drop = "drop", + DropEqual = "DropEqual", + Dropequal = "dropequal", + HashMod = "HashMod", + Hashmod = "hashmod", + Keep = "keep", + KeepEqual = "KeepEqual", + Keepequal = "keepequal", + LabelDrop = "LabelDrop", + LabelKeep = "LabelKeep", + LabelMap = "LabelMap", + Labeldrop = "labeldrop", + Labelkeep = "labelkeep", + Labelmap = "labelmap", + Lowercase = "lowercase", + Replace = "replace", + Uppercase = "uppercase", } /** * `oauth2` configures the OAuth2 settings to use when scraping the target. + * + * * It requires Prometheus >= 2.27.0. + * + * * Cannot be set at the same time as `authorization`, or `basicAuth`. */ export interface Oauth2 { - /** - * `clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID. - */ - clientId: ClientID; - /** - * `clientSecret` specifies a key of a Secret containing the OAuth2 client's secret. - */ - clientSecret: ClientSecret; - /** - * `endpointParams` configures the HTTP parameters to append to the token URL. - */ - endpointParams?: { [key: string]: string }; - /** - * `scopes` defines the OAuth2 scopes used for the token request. - */ - scopes?: string[]; - /** - * `tokenURL` configures the URL to fetch the token from. 
- */ - tokenUrl: string; + /** + * `clientId` specifies a key of a Secret or ConfigMap containing the + * OAuth2 client's ID. + */ + clientId: ClientID; + /** + * `clientSecret` specifies a key of a Secret containing the OAuth2 + * client's secret. + */ + clientSecret: ClientSecret; + /** + * `endpointParams` configures the HTTP parameters to append to the token + * URL. + */ + endpointParams?: { [key: string]: string }; + /** + * `scopes` defines the OAuth2 scopes used for the token request. + */ + scopes?: string[]; + /** + * `tokenURL` configures the URL to fetch the token from. + */ + tokenUrl: string; } /** - * `clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID. + * `clientId` specifies a key of a Secret or ConfigMap containing the + * OAuth2 client's ID. */ export interface ClientID { - /** - * ConfigMap containing data to use for the targets. - */ - configMap?: ClientIDConfigMap; - /** - * Secret containing data to use for the targets. - */ - secret?: ClientIDSecret; + /** + * ConfigMap containing data to use for the targets. + */ + configMap?: ClientIDConfigMap; + /** + * Secret containing data to use for the targets. + */ + secret?: ClientIDSecret; } /** * ConfigMap containing data to use for the targets. */ export interface ClientIDConfigMap { - /** - * The key to select. - */ - key: string; - /** - * Name of the referent. More info: - * https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add - * other useful fields. apiVersion, kind, uid? - */ - name?: string; - /** - * Specify whether the ConfigMap or its key must be defined - */ - optional?: boolean; + /** + * The key to select. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? 
+ * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the ConfigMap or its key must be defined + */ + optional?: boolean; } /** * Secret containing data to use for the targets. */ export interface ClientIDSecret { - /** - * The key of the secret to select from. Must be a valid secret key. - */ - key: string; - /** - * Name of the referent. More info: - * https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add - * other useful fields. apiVersion, kind, uid? - */ - name?: string; - /** - * Specify whether the Secret or its key must be defined - */ - optional?: boolean; + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; } /** - * `clientSecret` specifies a key of a Secret containing the OAuth2 client's secret. + * `clientSecret` specifies a key of a Secret containing the OAuth2 + * client's secret. */ export interface ClientSecret { - /** - * The key of the secret to select from. Must be a valid secret key. - */ - key: string; - /** - * Name of the referent. 
More info: - * https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add - * other useful fields. apiVersion, kind, uid? - */ - name?: string; - /** - * Specify whether the Secret or its key must be defined - */ - optional?: boolean; + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; } /** - * RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped - * samples and remote write samples. + * RelabelConfig allows dynamic rewriting of the label set for targets, alerts, + * scraped samples and remote write samples. + * + * * More info: * https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config */ export interface Relabeling { - /** - * Action to perform based on the regex matching. - * `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and - * `KeepEqual` actions require Prometheus >= v2.41.0. - * Default: "Replace" - */ - action?: Action; - /** - * Modulus to take of the hash of the source label values. - * Only applicable when the action is `HashMod`. - */ - modulus?: number; - /** - * Regular expression against which the extracted value is matched. - */ - regex?: string; - /** - * Replacement value against which a Replace action is performed if the regular expression - * matches. 
- * Regex capture groups are available. - */ - replacement?: string; - /** - * Separator is the string between concatenated SourceLabels. - */ - separator?: string; - /** - * The source labels select values from existing labels. Their content is concatenated using - * the configured Separator and matched against the configured regular expression. - */ - sourceLabels?: string[]; - /** - * Label to which the resulting string is written in a replacement. - * It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and - * `DropEqual` actions. - * Regex capture groups are available. - */ - targetLabel?: string; + /** + * Action to perform based on the regex matching. + * + * + * `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. + * `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. + * + * + * Default: "Replace" + */ + action?: Action; + /** + * Modulus to take of the hash of the source label values. + * + * + * Only applicable when the action is `HashMod`. + */ + modulus?: number; + /** + * Regular expression against which the extracted value is matched. + */ + regex?: string; + /** + * Replacement value against which a Replace action is performed if the + * regular expression matches. + * + * + * Regex capture groups are available. + */ + replacement?: string; + /** + * Separator is the string between concatenated SourceLabels. + */ + separator?: string; + /** + * The source labels select values from existing labels. Their content is + * concatenated using the configured Separator and matched against the + * configured regular expression. + */ + sourceLabels?: string[]; + /** + * Label to which the resulting string is written in a replacement. + * + * + * It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, + * `KeepEqual` and `DropEqual` actions. + * + * + * Regex capture groups are available. + */ + targetLabel?: string; } /** * HTTP scheme to use for scraping. 
- * `http` and `https` are the expected values unless you rewrite the `__scheme__` label via - * relabeling. + * + * + * `http` and `https` are the expected values unless you rewrite the + * `__scheme__` label via relabeling. + * + * * If empty, Prometheus uses the default value `http`. */ export enum Scheme { - HTTP = "http", - HTTPS = "https", + HTTP = "http", + HTTPS = "https", } /** * TLS configuration to use when scraping the target. */ export interface TLSConfig { - /** - * Certificate authority used when verifying server certificates. - */ - ca?: CA; - /** - * Path to the CA cert in the Prometheus container to use for the targets. - */ - caFile?: string; - /** - * Client certificate to present when doing client-authentication. - */ - cert?: CERT; - /** - * Path to the client cert file in the Prometheus container for the targets. - */ - certFile?: string; - /** - * Disable target certificate validation. - */ - insecureSkipVerify?: boolean; - /** - * Path to the client key file in the Prometheus container for the targets. - */ - keyFile?: string; - /** - * Secret containing the client key file for the targets. - */ - keySecret?: KeySecret; - /** - * Used to verify the hostname for the targets. - */ - serverName?: string; + /** + * Certificate authority used when verifying server certificates. + */ + ca?: CA; + /** + * Path to the CA cert in the Prometheus container to use for the targets. + */ + caFile?: string; + /** + * Client certificate to present when doing client-authentication. + */ + cert?: CERT; + /** + * Path to the client cert file in the Prometheus container for the targets. + */ + certFile?: string; + /** + * Disable target certificate validation. + */ + insecureSkipVerify?: boolean; + /** + * Path to the client key file in the Prometheus container for the targets. + */ + keyFile?: string; + /** + * Secret containing the client key file for the targets. + */ + keySecret?: KeySecret; + /** + * Used to verify the hostname for the targets. 
+ */ + serverName?: string; } /** * Certificate authority used when verifying server certificates. */ export interface CA { - /** - * ConfigMap containing data to use for the targets. - */ - configMap?: CAConfigMap; - /** - * Secret containing data to use for the targets. - */ - secret?: CASecret; + /** + * ConfigMap containing data to use for the targets. + */ + configMap?: CAConfigMap; + /** + * Secret containing data to use for the targets. + */ + secret?: CASecret; } /** * ConfigMap containing data to use for the targets. */ export interface CAConfigMap { - /** - * The key to select. - */ - key: string; - /** - * Name of the referent. More info: - * https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add - * other useful fields. apiVersion, kind, uid? - */ - name?: string; - /** - * Specify whether the ConfigMap or its key must be defined - */ - optional?: boolean; + /** + * The key to select. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the ConfigMap or its key must be defined + */ + optional?: boolean; } /** * Secret containing data to use for the targets. */ export interface CASecret { - /** - * The key of the secret to select from. Must be a valid secret key. - */ - key: string; - /** - * Name of the referent. More info: - * https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add - * other useful fields. apiVersion, kind, uid? 
- */ - name?: string; - /** - * Specify whether the Secret or its key must be defined - */ - optional?: boolean; + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; } /** * Client certificate to present when doing client-authentication. */ export interface CERT { - /** - * ConfigMap containing data to use for the targets. - */ - configMap?: CERTConfigMap; - /** - * Secret containing data to use for the targets. - */ - secret?: CERTSecret; + /** + * ConfigMap containing data to use for the targets. + */ + configMap?: CERTConfigMap; + /** + * Secret containing data to use for the targets. + */ + secret?: CERTSecret; } /** * ConfigMap containing data to use for the targets. */ export interface CERTConfigMap { - /** - * The key to select. - */ - key: string; - /** - * Name of the referent. More info: - * https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add - * other useful fields. apiVersion, kind, uid? - */ - name?: string; - /** - * Specify whether the ConfigMap or its key must be defined - */ - optional?: boolean; + /** + * The key to select. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. 
+ * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the ConfigMap or its key must be defined + */ + optional?: boolean; } /** * Secret containing data to use for the targets. */ export interface CERTSecret { - /** - * The key of the secret to select from. Must be a valid secret key. - */ - key: string; - /** - * Name of the referent. More info: - * https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add - * other useful fields. apiVersion, kind, uid? - */ - name?: string; - /** - * Specify whether the Secret or its key must be defined - */ - optional?: boolean; + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; } /** * Secret containing the client key file for the targets. */ export interface KeySecret { - /** - * The key of the secret to select from. Must be a valid secret key. - */ - key: string; - /** - * Name of the referent. More info: - * https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add - * other useful fields. apiVersion, kind, uid? 
- */ - name?: string; - /** - * Specify whether the Secret or its key must be defined - */ - optional?: boolean; + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; } /** - * Selector to select which namespaces the Kubernetes `Endpoints` objects are discovered - * from. + * Selector to select which namespaces the Kubernetes `Endpoints` objects + * are discovered from. */ export interface NamespaceSelector { - /** - * Boolean describing whether all namespaces are selected in contrast to a list restricting - * them. - */ - any?: boolean; - /** - * List of namespace names to select from. - */ - matchNames?: string[]; + /** + * Boolean describing whether all namespaces are selected in contrast to a + * list restricting them. + */ + any?: boolean; + /** + * List of namespace names to select from. + */ + matchNames?: string[]; +} + +/** + * ScrapeProtocol represents a protocol used by Prometheus for scraping metrics. 
+ * Supported values are: + * * `OpenMetricsText0.0.1` + * * `OpenMetricsText1.0.0` + * * `PrometheusProto` + * * `PrometheusText0.0.4` + */ +export enum ScrapeProtocol { + OpenMetricsText001 = "OpenMetricsText0.0.1", + OpenMetricsText100 = "OpenMetricsText1.0.0", + PrometheusProto = "PrometheusProto", + PrometheusText004 = "PrometheusText0.0.4", } /** * Label selector to select the Kubernetes `Endpoints` objects. */ export interface Selector { - /** - * matchExpressions is a list of label selector requirements. The requirements are ANDed. - */ - matchExpressions?: MatchExpression[]; - /** - * matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is - * equivalent to an element of matchExpressions, whose key field is "key", the operator is - * "In", and the values array contains only "value". The requirements are ANDed. - */ - matchLabels?: { [key: string]: string }; + /** + * matchExpressions is a list of label selector requirements. The requirements are ANDed. + */ + matchExpressions?: MatchExpression[]; + /** + * matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + * map is equivalent to an element of matchExpressions, whose key field is "key", the + * operator is "In", and the values array contains only "value". The requirements are ANDed. + */ + matchLabels?: { [key: string]: string }; } /** * A label selector requirement is a selector that contains values, a key, and an operator - * that relates the key and values. + * that + * relates the key and values. */ export interface MatchExpression { - /** - * key is the label key that the selector applies to. - */ - key: string; - /** - * operator represents a key's relationship to a set of values. Valid operators are In, - * NotIn, Exists and DoesNotExist. - */ - operator: string; - /** - * values is an array of string values. If the operator is In or NotIn, the values array - * must be non-empty. 
If the operator is Exists or DoesNotExist, the values array must be - * empty. This array is replaced during a strategic merge patch. - */ - values?: string[]; + /** + * key is the label key that the selector applies to. + */ + key: string; + /** + * operator represents a key's relationship to a set of values. + * Valid operators are In, NotIn, Exists and DoesNotExist. + */ + operator: string; + /** + * values is an array of string values. If the operator is In or NotIn, + * the values array must be non-empty. If the operator is Exists or DoesNotExist, + * the values array must be empty. This array is replaced during a strategic + * merge patch. + */ + values?: string[]; } RegisterKind(ServiceMonitor, { group: "monitoring.coreos.com", version: "v1", kind: "ServiceMonitor", -}); + plural: "servicemonitors", +}); \ No newline at end of file diff --git a/src/pepr/operator/crd/index.ts b/src/pepr/operator/crd/index.ts index 452259bac..1735c5066 100644 --- a/src/pepr/operator/crd/index.ts +++ b/src/pepr/operator/crd/index.ts 
@@ -1,38 +1,38 @@ export { - Allow, - Direction, - Expose, - Gateway, - Monitor, - Phase, - Status as PkgStatus, - RemoteGenerated, - Sso, - Package as UDSPackage, + Allow, + Direction, + Expose, + Gateway, + Monitor, + Phase, + Status as PkgStatus, + RemoteGenerated, + Sso, + Package as UDSPackage } from "./generated/package-v1alpha1"; export { - ExemptionElement, - Matcher, - Kind as MatcherKind, - Policy, - Exemption as UDSExemption, + ExemptionElement, + Matcher, + Kind as MatcherKind, + Policy, + Exemption as UDSExemption } from "./generated/exemption-v1alpha1"; export { - HTTP as IstioHTTP, - HTTPRoute as IstioHTTPRoute, - VirtualService as IstioVirtualService, + HTTP as IstioHTTP, + HTTPRoute as IstioHTTPRoute, + VirtualService as IstioVirtualService } from "./generated/istio/virtualservice-v1beta1"; export { - Endpoint as IstioEndpoint, - Location as IstioLocation, - Port as IstioPort, - Resolution as IstioResolution, - ServiceEntry as IstioServiceEntry, + Endpoint as IstioEndpoint, + Location as IstioLocation, + Port as IstioPort, + Resolution as IstioResolution, + ServiceEntry as IstioServiceEntry } from "./generated/istio/serviceentry-v1beta1"; export * as PrometheusPodMonitor from "./generated/prometheus/podmonitor-v1"; export * as PrometheusServiceMonitor from "./generated/prometheus/servicemonitor-v1"; -// export * as Prometheus from "./generated/prometheus/servicemonitor-v1"; + diff --git a/src/pepr/prometheus/index.ts b/src/pepr/prometheus/index.ts index f19525c05..c40d9b43f 100644 --- a/src/pepr/prometheus/index.ts +++ b/src/pepr/prometheus/index.ts 
@@ -16,6 +16,11 @@ When(PrometheusServiceMonitor.ServiceMonitor) .Mutate(async sm => { // Provide an opt-out of mutation to handle complicated scenarios if (sm.Raw.metadata?.annotations?.["uds/skip-sm-mutate"]) { + Log.info(`Mutating scrapeClass to exempt ServiceMonitor ${sm.Raw.metadata?.name} from default scrapeClass mTLS config`); + if (sm.Raw.spec === undefined) { + return; + } + sm.Raw.spec.scrapeClass = "exempt"; return; } @@ -24,7 +29,10 @@ When(PrometheusServiceMonitor.ServiceMonitor) if (sm.Raw.spec?.endpoints === undefined) { return; } - + /** + * Patching ServiceMonitor tlsConfig is deprecated in favor of default scrapeClass with tls config + * this mutation will be removed in favor of a mutation to opt-out of the default scrapeClass in the future + */ Log.info(`Patching service monitor ${sm.Raw.metadata?.name} for mTLS metrics`); const tlsConfig = { caFile: "/etc/prom-certs/root-cert.pem", diff --git a/src/pepr/tasks.yaml b/src/pepr/tasks.yaml index 08b657648..4033b25f9 100644 --- a/src/pepr/tasks.yaml +++ b/src/pepr/tasks.yaml @@ -6,9 +6,9 @@ tasks: - name: gen-crds description: "Generate CRDS, requires a running kubernetes cluster" actions: - - cmd: "npx ts-node src/pepr/operator/crd/register.ts" + - cmd: npx ts-node -e "import { registerCRDs } from './src/pepr/operator/crd/register'; registerCRDs()" env: - - "PEPR_WATCH_MODE=true" + - "PEPR_MODE=dev" - cmd: "npx kubernetes-fluent-client crd packages.uds.dev src/pepr/operator/crd/generated" diff --git a/src/prometheus-stack/chart/templates/istio-monitor.yaml b/src/prometheus-stack/chart/templates/istio-monitor.yaml index e82a0d23e..1311f4658 100644 --- a/src/prometheus-stack/chart/templates/istio-monitor.yaml +++ b/src/prometheus-stack/chart/templates/istio-monitor.yaml @@ -5,6 +5,7 @@ metadata: name: envoy-stats-monitor namespace: istio-system spec: + scrapeClass: exempt selector: matchExpressions: - {key: istio-prometheus-ignore, operator: DoesNotExist} 
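Review bot: The opt-out branch in the first hunk of src/pepr/prometheus/index.ts now assigns `sm.Raw.spec.scrapeClass = "exempt"` for any truthy value of the `uds/skip-sm-mutate` annotation, so a monitor annotated `"false"` is also moved off the default mTLS scrape config, and a scrapeClass the author set is overwritten. Because the annotation now changes transport security rather than only skipping a patch, I would match it strictly with `if (sm.Raw.metadata?.annotations?.["uds/skip-sm-mutate"] === "true") {`. Unless overriding is intended, I would also keep an explicit choice with `sm.Raw.spec.scrapeClass ??= "exempt";`. The `Log.info` call runs before the `spec === undefined` guard, so it can report a mutation that never happens; moving it below the guard and adding `sm.Raw.metadata?.namespace` would make each exemption traceable in the logs. The `.Mutate` callback begins and ends outside the hunk.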
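Review bot: `scrapeClass: exempt` on `envoy-stats-monitor` in istio-monitor.yaml carries no comment saying why this monitor is taken off the default scrape class, and the same applies to `prometheus-pod-monitor` in prometheus-pod-monitor.yaml. Going by the log message added in src/pepr/prometheus/index.ts, `exempt` means the default mTLS scrape config is not applied, so each exemption should be justified next to the field. A one-line comment above it would do, for example `# exempt: <reason this target cannot use the default mTLS scrape class>`.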
diff --git a/src/prometheus-stack/chart/templates/prometheus-pod-monitor.yaml b/src/prometheus-stack/chart/templates/prometheus-pod-monitor.yaml index 51e17961d..60c3bb615 100644 --- a/src/prometheus-stack/chart/templates/prometheus-pod-monitor.yaml +++ b/src/prometheus-stack/chart/templates/prometheus-pod-monitor.yaml @@ -5,6 +5,7 @@ metadata: name: prometheus-pod-monitor namespace: monitoring spec: + scrapeClass: exempt selector: matchLabels: app: prometheus diff --git a/src/test/app-tenant.yaml b/src/test/app-tenant.yaml index 3eb203b99..9b3626001 100644 --- a/src/test/app-tenant.yaml +++ b/src/test/app-tenant.yaml @@ -3,6 +3,43 @@ kind: Namespace metadata: name: test-tenant-app --- +apiVersion: v1 +kind: Secret +metadata: + name: example-secret + namespace: test-tenant-app +type: Opaque +data: + example-key: ZXhhbXBsZS1rZXk= +--- +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor +metadata: + name: httpbin-pod-monitor-default-scrape + namespace: test-tenant-app +spec: + podMetricsEndpoints: + - path: /metrics + port: service + scrapeClass: istio-certs + selector: + matchLabels: + app: httpbin +--- +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor +metadata: + name: httpbin-pod-monitor-no-tls-config + namespace: test-tenant-app +spec: + podMetricsEndpoints: + - path: /metrics + port: service + scrapeClass: exempt + selector: + matchLabels: + app: httpbin +--- apiVersion: uds.dev/v1alpha1 kind: Package metadata: 
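Review bot: The PodMonitor `httpbin-pod-monitor-default-scrape` in the src/test/app-tenant.yaml hunk sets `scrapeClass: istio-certs` explicitly, so it does not cover the case its name suggests, where no scrape class is given and the default is applied. If the default path is what this fixture is meant to exercise, drop the `scrapeClass: istio-certs` line from that object; otherwise rename it, for example to `httpbin-pod-monitor-istio-certs`. Whether `istio-certs` is the configured default is not visible in this hunk, so confirm against the scrape class definitions in the values file.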
@@ -23,6 +60,47 @@ spec: gateway: tenant host: demo-8081 port: 8081 + monitor: + - selector: + app: httpbin + targetPort: 3000 + portName: service + description: Pod Monitor + kind: PodMonitor + - selector: + app: httpbin + targetPort: 3000 + portName: service + description: Service Monitor Explicit + kind: ServiceMonitor + - selector: + app: httpbin + targetPort: 3000 + portName: service + description: Service Monitor Default + - portName: "http" + selector: + app: "example" + targetPort: 8080 + kind: "PodMonitor" + authorization: + credentials: + key: "example-key" + name: "example-secret" + optional: false + type: "Bearer" + description: Pod Monitor with Authorization + - portName: "http" + selector: + app: "example" + targetPort: 8080 + authorization: + credentials: + key: "example-key" + name: "example-secret" + optional: false + type: "Bearer" + description: Service Monitor with Authorization --- apiVersion: v1 kind: Service From 68b60df5bf70cb4e9cc6af7954b3f4e95c713ca4 Mon Sep 17 00:00:00 2001 From: Zachariah Miller Date: Thu, 27 Jun 2024 14:31:19 -0400 Subject: [PATCH 03/19] update mutate to exempt uninjected target namespaces for monitors scrape config --- .../monitoring/service-monitor.spec.ts | 2 +- .../crd/generated/prometheus/podmonitor-v1.ts | 1510 ++++++++-------- .../generated/prometheus/servicemonitor-v1.ts | 1554 ++++++++--------- src/pepr/operator/crd/index.ts | 47 +- src/pepr/prometheus/index.ts | 28 +- 5 files changed, 1574 insertions(+), 1567 deletions(-) diff --git a/src/pepr/operator/controllers/monitoring/service-monitor.spec.ts b/src/pepr/operator/controllers/monitoring/service-monitor.spec.ts index 83d4fa03e..e99900409 100644 --- a/src/pepr/operator/controllers/monitoring/service-monitor.spec.ts +++ b/src/pepr/operator/controllers/monitoring/service-monitor.spec.ts 
@@ -1,6 +1,6 @@ import { describe, expect, it } from "@jest/globals"; -import { generateServiceMonitor } from "./service-monitor"; import { Monitor } from "../../crd"; +import { generateServiceMonitor } from "./service-monitor"; describe("test generate service monitor", () => { it("should return a valid Service Monitor object", () => { diff --git a/src/pepr/operator/crd/generated/prometheus/podmonitor-v1.ts b/src/pepr/operator/crd/generated/prometheus/podmonitor-v1.ts index a6e9c3b7a..d2e9f3f9a 100644 --- a/src/pepr/operator/crd/generated/prometheus/podmonitor-v1.ts +++ b/src/pepr/operator/crd/generated/prometheus/podmonitor-v1.ts 
@@ -6,121 +6,121 @@ import { GenericKind, RegisterKind } from "kubernetes-fluent-client"; * PodMonitor defines monitoring for a set of pods. */ export class PodMonitor extends GenericKind { - /** - * Specification of desired Pod selection for target discovery by Prometheus. - */ - spec?: Spec; + /** + * Specification of desired Pod selection for target discovery by Prometheus. + */ + spec?: Spec; } /** * Specification of desired Pod selection for target discovery by Prometheus. */ export interface Spec { - /** - * `attachMetadata` defines additional metadata which is added to the - * discovered targets. - * - * - * It requires Prometheus >= v2.37.0. - */ - attachMetadata?: AttachMetadata; - /** - * When defined, bodySizeLimit specifies a job level limit on the size - * of uncompressed response body that will be accepted by Prometheus. - * - * - * It requires Prometheus >= v2.28.0. - */ - bodySizeLimit?: string; - /** - * The label to use to retrieve the job name from. - * `jobLabel` selects the label from the associated Kubernetes `Pod` - * object which will be used as the `job` label for all metrics. - * - * - * For example if `jobLabel` is set to `foo` and the Kubernetes `Pod` - * object is labeled with `foo: bar`, then Prometheus adds the `job="bar"` - * label to all ingested metrics. - * - * - * If the value of this field is empty, the `job` label of the metrics - * defaults to the namespace and name of the PodMonitor object (e.g. `/`). - */ - jobLabel?: string; - /** - * Per-scrape limit on the number of targets dropped by relabeling - * that will be kept in memory. 0 means no limit. - * - * - * It requires Prometheus >= v2.47.0. - */ - keepDroppedTargets?: number; - /** - * Per-scrape limit on number of labels that will be accepted for a sample. - * - * - * It requires Prometheus >= v2.27.0. - */ - labelLimit?: number; - /** - * Per-scrape limit on length of labels name that will be accepted for a sample. - * - * - * It requires Prometheus >= v2.27.0. 
- */ - labelNameLengthLimit?: number; - /** - * Per-scrape limit on length of labels value that will be accepted for a sample. - * - * - * It requires Prometheus >= v2.27.0. - */ - labelValueLengthLimit?: number; - /** - * Selector to select which namespaces the Kubernetes `Pods` objects - * are discovered from. - */ - namespaceSelector?: NamespaceSelector; - /** - * List of endpoints part of this PodMonitor. - */ - podMetricsEndpoints?: PodMetricsEndpoint[]; - /** - * `podTargetLabels` defines the labels which are transferred from the - * associated Kubernetes `Pod` object onto the ingested metrics. - */ - podTargetLabels?: string[]; - /** - * `sampleLimit` defines a per-scrape limit on the number of scraped samples - * that will be accepted. - */ - sampleLimit?: number; - /** - * The scrape class to apply. - */ - scrapeClass?: string; - /** - * `scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients - * the - * protocols supported by Prometheus in order of preference (from most to least - * preferred). - * - * - * If unset, Prometheus uses its default value. - * - * - * It requires Prometheus >= v2.49.0. - */ - scrapeProtocols?: ScrapeProtocol[]; - /** - * Label selector to select the Kubernetes `Pod` objects. - */ - selector: Selector; - /** - * `targetLimit` defines a limit on the number of scraped targets that will - * be accepted. - */ - targetLimit?: number; + /** + * `attachMetadata` defines additional metadata which is added to the + * discovered targets. + * + * + * It requires Prometheus >= v2.37.0. + */ + attachMetadata?: AttachMetadata; + /** + * When defined, bodySizeLimit specifies a job level limit on the size + * of uncompressed response body that will be accepted by Prometheus. + * + * + * It requires Prometheus >= v2.28.0. + */ + bodySizeLimit?: string; + /** + * The label to use to retrieve the job name from. 
+ * `jobLabel` selects the label from the associated Kubernetes `Pod` + * object which will be used as the `job` label for all metrics. + * + * + * For example if `jobLabel` is set to `foo` and the Kubernetes `Pod` + * object is labeled with `foo: bar`, then Prometheus adds the `job="bar"` + * label to all ingested metrics. + * + * + * If the value of this field is empty, the `job` label of the metrics + * defaults to the namespace and name of the PodMonitor object (e.g. `/`). + */ + jobLabel?: string; + /** + * Per-scrape limit on the number of targets dropped by relabeling + * that will be kept in memory. 0 means no limit. + * + * + * It requires Prometheus >= v2.47.0. + */ + keepDroppedTargets?: number; + /** + * Per-scrape limit on number of labels that will be accepted for a sample. + * + * + * It requires Prometheus >= v2.27.0. + */ + labelLimit?: number; + /** + * Per-scrape limit on length of labels name that will be accepted for a sample. + * + * + * It requires Prometheus >= v2.27.0. + */ + labelNameLengthLimit?: number; + /** + * Per-scrape limit on length of labels value that will be accepted for a sample. + * + * + * It requires Prometheus >= v2.27.0. + */ + labelValueLengthLimit?: number; + /** + * Selector to select which namespaces the Kubernetes `Pods` objects + * are discovered from. + */ + namespaceSelector?: NamespaceSelector; + /** + * List of endpoints part of this PodMonitor. + */ + podMetricsEndpoints?: PodMetricsEndpoint[]; + /** + * `podTargetLabels` defines the labels which are transferred from the + * associated Kubernetes `Pod` object onto the ingested metrics. + */ + podTargetLabels?: string[]; + /** + * `sampleLimit` defines a per-scrape limit on the number of scraped samples + * that will be accepted. + */ + sampleLimit?: number; + /** + * The scrape class to apply. + */ + scrapeClass?: string; + /** + * `scrapeProtocols` defines the protocols to negotiate during a scrape. 
It tells clients + * the + * protocols supported by Prometheus in order of preference (from most to least + * preferred). + * + * + * If unset, Prometheus uses its default value. + * + * + * It requires Prometheus >= v2.49.0. + */ + scrapeProtocols?: ScrapeProtocol[]; + /** + * Label selector to select the Kubernetes `Pod` objects. + */ + selector: Selector; + /** + * `targetLimit` defines a limit on the number of scraped targets that will + * be accepted. + */ + targetLimit?: number; } /** @@ -131,11 +131,11 @@ export interface Spec { * It requires Prometheus >= v2.37.0. */ export interface AttachMetadata { - /** - * When set to true, Prometheus must have the `get` permission on the - * `Nodes` objects. - */ - node?: boolean; + /** + * When set to true, Prometheus must have the `get` permission on the + * `Nodes` objects. + */ + node?: boolean; } /** @@ -143,15 +143,15 @@ export interface AttachMetadata { * are discovered from. */ export interface NamespaceSelector { - /** - * Boolean describing whether all namespaces are selected in contrast to a - * list restricting them. - */ - any?: boolean; - /** - * List of namespace names to select from. - */ - matchNames?: string[]; + /** + * Boolean describing whether all namespaces are selected in contrast to a + * list restricting them. + */ + any?: boolean; + /** + * List of namespace names to select from. + */ + matchNames?: string[]; } /** 
@@ -159,161 +159,161 @@ export interface NamespaceSelector { * Prometheus. */ export interface PodMetricsEndpoint { - /** - * `authorization` configures the Authorization header credentials to use when - * scraping the target. - * - * - * Cannot be set at the same time as `basicAuth`, or `oauth2`. - */ - authorization?: Authorization; - /** - * `basicAuth` configures the Basic Authentication credentials to use when - * scraping the target. - * - * - * Cannot be set at the same time as `authorization`, or `oauth2`. - */ - basicAuth?: BasicAuth; - /** - * `bearerTokenSecret` specifies a key of a Secret containing the bearer - * token for scraping targets. The secret needs to be in the same namespace - * as the PodMonitor object and readable by the Prometheus Operator. - * - * - * Deprecated: use `authorization` instead. - */ - bearerTokenSecret?: BearerTokenSecret; - /** - * `enableHttp2` can be used to disable HTTP2 when scraping the target. - */ - enableHttp2?: boolean; - /** - * When true, the pods which are not running (e.g. either in Failed or - * Succeeded state) are dropped during the target discovery. - * - * - * If unset, the filtering is enabled. - * - * - * More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase - */ - filterRunning?: boolean; - /** - * `followRedirects` defines whether the scrape requests should follow HTTP - * 3xx redirects. - */ - followRedirects?: boolean; - /** - * When true, `honorLabels` preserves the metric's labels when they collide - * with the target's labels. - */ - honorLabels?: boolean; - /** - * `honorTimestamps` controls whether Prometheus preserves the timestamps - * when exposed by the target. - */ - honorTimestamps?: boolean; - /** - * Interval at which Prometheus scrapes the metrics from the target. - * - * - * If empty, Prometheus uses the global scrape interval. 
- */ - interval?: string; - /** - * `metricRelabelings` configures the relabeling rules to apply to the - * samples before ingestion. - */ - metricRelabelings?: MetricRelabeling[]; - /** - * `oauth2` configures the OAuth2 settings to use when scraping the target. - * - * - * It requires Prometheus >= 2.27.0. - * - * - * Cannot be set at the same time as `authorization`, or `basicAuth`. - */ - oauth2?: Oauth2; - /** - * `params` define optional HTTP URL parameters. - */ - params?: { [key: string]: string[] }; - /** - * HTTP path from which to scrape for metrics. - * - * - * If empty, Prometheus uses the default value (e.g. `/metrics`). - */ - path?: string; - /** - * Name of the Pod port which this endpoint refers to. - * - * - * It takes precedence over `targetPort`. - */ - port?: string; - /** - * `proxyURL` configures the HTTP Proxy URL (e.g. - * "http://proxyserver:2195") to go through when scraping the target. - */ - proxyUrl?: string; - /** - * `relabelings` configures the relabeling rules to apply the target's - * metadata labels. - * - * - * The Operator automatically adds relabelings for a few standard Kubernetes fields. - * - * - * The original scrape job's name is available via the `__tmp_prometheus_job_name` label. - * - * - * More info: - * https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config - */ - relabelings?: Relabeling[]; - /** - * HTTP scheme to use for scraping. - * - * - * `http` and `https` are the expected values unless you rewrite the - * `__scheme__` label via relabeling. - * - * - * If empty, Prometheus uses the default value `http`. - */ - scheme?: Scheme; - /** - * Timeout after which Prometheus considers the scrape to be failed. - * - * - * If empty, Prometheus uses the global scrape timeout unless it is less - * than the target's scrape interval value in which the latter is used. 
- */ - scrapeTimeout?: string; - /** - * Name or number of the target port of the `Pod` object behind the Service, the - * port must be specified with container port property. - * - * - * Deprecated: use 'port' instead. - */ - targetPort?: number | string; - /** - * TLS configuration to use when scraping the target. - */ - tlsConfig?: TLSConfig; - /** - * `trackTimestampsStaleness` defines whether Prometheus tracks staleness of - * the metrics that have an explicit timestamp present in scraped data. - * Has no effect if `honorTimestamps` is false. - * - * - * It requires Prometheus >= v2.48.0. - */ - trackTimestampsStaleness?: boolean; + /** + * `authorization` configures the Authorization header credentials to use when + * scraping the target. + * + * + * Cannot be set at the same time as `basicAuth`, or `oauth2`. + */ + authorization?: Authorization; + /** + * `basicAuth` configures the Basic Authentication credentials to use when + * scraping the target. + * + * + * Cannot be set at the same time as `authorization`, or `oauth2`. + */ + basicAuth?: BasicAuth; + /** + * `bearerTokenSecret` specifies a key of a Secret containing the bearer + * token for scraping targets. The secret needs to be in the same namespace + * as the PodMonitor object and readable by the Prometheus Operator. + * + * + * Deprecated: use `authorization` instead. + */ + bearerTokenSecret?: BearerTokenSecret; + /** + * `enableHttp2` can be used to disable HTTP2 when scraping the target. + */ + enableHttp2?: boolean; + /** + * When true, the pods which are not running (e.g. either in Failed or + * Succeeded state) are dropped during the target discovery. + * + * + * If unset, the filtering is enabled. + * + * + * More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase + */ + filterRunning?: boolean; + /** + * `followRedirects` defines whether the scrape requests should follow HTTP + * 3xx redirects. 
+ */ + followRedirects?: boolean; + /** + * When true, `honorLabels` preserves the metric's labels when they collide + * with the target's labels. + */ + honorLabels?: boolean; + /** + * `honorTimestamps` controls whether Prometheus preserves the timestamps + * when exposed by the target. + */ + honorTimestamps?: boolean; + /** + * Interval at which Prometheus scrapes the metrics from the target. + * + * + * If empty, Prometheus uses the global scrape interval. + */ + interval?: string; + /** + * `metricRelabelings` configures the relabeling rules to apply to the + * samples before ingestion. + */ + metricRelabelings?: MetricRelabeling[]; + /** + * `oauth2` configures the OAuth2 settings to use when scraping the target. + * + * + * It requires Prometheus >= 2.27.0. + * + * + * Cannot be set at the same time as `authorization`, or `basicAuth`. + */ + oauth2?: Oauth2; + /** + * `params` define optional HTTP URL parameters. + */ + params?: { [key: string]: string[] }; + /** + * HTTP path from which to scrape for metrics. + * + * + * If empty, Prometheus uses the default value (e.g. `/metrics`). + */ + path?: string; + /** + * Name of the Pod port which this endpoint refers to. + * + * + * It takes precedence over `targetPort`. + */ + port?: string; + /** + * `proxyURL` configures the HTTP Proxy URL (e.g. + * "http://proxyserver:2195") to go through when scraping the target. + */ + proxyUrl?: string; + /** + * `relabelings` configures the relabeling rules to apply the target's + * metadata labels. + * + * + * The Operator automatically adds relabelings for a few standard Kubernetes fields. + * + * + * The original scrape job's name is available via the `__tmp_prometheus_job_name` label. + * + * + * More info: + * https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + */ + relabelings?: Relabeling[]; + /** + * HTTP scheme to use for scraping. 
+ * + * + * `http` and `https` are the expected values unless you rewrite the + * `__scheme__` label via relabeling. + * + * + * If empty, Prometheus uses the default value `http`. + */ + scheme?: Scheme; + /** + * Timeout after which Prometheus considers the scrape to be failed. + * + * + * If empty, Prometheus uses the global scrape timeout unless it is less + * than the target's scrape interval value in which the latter is used. + */ + scrapeTimeout?: string; + /** + * Name or number of the target port of the `Pod` object behind the Service, the + * port must be specified with container port property. + * + * + * Deprecated: use 'port' instead. + */ + targetPort?: number | string; + /** + * TLS configuration to use when scraping the target. + */ + tlsConfig?: TLSConfig; + /** + * `trackTimestampsStaleness` defines whether Prometheus tracks staleness of + * the metrics that have an explicit timestamp present in scraped data. + * Has no effect if `honorTimestamps` is false. + * + * + * It requires Prometheus >= v2.48.0. + */ + trackTimestampsStaleness?: boolean; } /** @@ -324,21 +324,21 @@ export interface PodMetricsEndpoint { * Cannot be set at the same time as `basicAuth`, or `oauth2`. */ export interface Authorization { - /** - * Selects a key of a Secret in the namespace that contains the credentials for - * authentication. - */ - credentials?: Credentials; - /** - * Defines the authentication type. The value is case-insensitive. - * - * - * "Basic" is not a supported value. - * - * - * Default: "Bearer" - */ - type?: string; + /** + * Selects a key of a Secret in the namespace that contains the credentials for + * authentication. + */ + credentials?: Credentials; + /** + * Defines the authentication type. The value is case-insensitive. + * + * + * "Basic" is not a supported value. + * + * + * Default: "Bearer" + */ + type?: string; } /** 
@@ -346,25 +346,25 @@ export interface Authorization { * authentication. */ export interface Credentials { - /** - * The key of the secret to select from. Must be a valid secret key. - */ - key: string; - /** - * Name of the referent. - * This field is effectively required, but due to backwards compatibility is - * allowed to be empty. Instances of this type with an empty value here are - * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? - * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - */ - name?: string; - /** - * Specify whether the Secret or its key must be defined - */ - optional?: boolean; + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; } /** 
@@ -375,16 +375,16 @@ export interface Credentials { * Cannot be set at the same time as `authorization`, or `oauth2`. */ export interface BasicAuth { - /** - * `password` specifies a key of a Secret containing the password for - * authentication. - */ - password?: Password; - /** - * `username` specifies a key of a Secret containing the username for - * authentication. - */ - username?: Username; + /** + * `password` specifies a key of a Secret containing the password for + * authentication. + */ + password?: Password; + /** + * `username` specifies a key of a Secret containing the username for + * authentication. + */ + username?: Username; } /** 
@@ -392,25 +392,25 @@ export interface BasicAuth { * authentication. */ export interface Password { - /** - * The key of the secret to select from. Must be a valid secret key. - */ - key: string; - /** - * Name of the referent. - * This field is effectively required, but due to backwards compatibility is - * allowed to be empty. Instances of this type with an empty value here are - * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? - * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - */ - name?: string; - /** - * Specify whether the Secret or its key must be defined - */ - optional?: boolean; + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; } /** 
@@ -418,25 +418,25 @@ export interface Password { * authentication. */ export interface Username { - /** - * The key of the secret to select from. Must be a valid secret key. - */ - key: string; - /** - * Name of the referent. - * This field is effectively required, but due to backwards compatibility is - * allowed to be empty. Instances of this type with an empty value here are - * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? - * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - */ - name?: string; - /** - * Specify whether the Secret or its key must be defined - */ - optional?: boolean; + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; } /** 
@@ -448,25 +448,25 @@ export interface Username { * Deprecated: use `authorization` instead. */ export interface BearerTokenSecret { - /** - * The key of the secret to select from. Must be a valid secret key. - */ - key: string; - /** - * Name of the referent. - * This field is effectively required, but due to backwards compatibility is - * allowed to be empty. Instances of this type with an empty value here are - * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? - * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - */ - name?: string; - /** - * Specify whether the Secret or its key must be defined - */ - optional?: boolean; + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; } /** 
@@ -478,57 +478,57 @@ export interface BearerTokenSecret { * https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config */ export interface MetricRelabeling { - /** - * Action to perform based on the regex matching. - * - * - * `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. - * `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - * - * - * Default: "Replace" - */ - action?: Action; - /** - * Modulus to take of the hash of the source label values. - * - * - * Only applicable when the action is `HashMod`. - */ - modulus?: number; - /** - * Regular expression against which the extracted value is matched. - */ - regex?: string; - /** - * Replacement value against which a Replace action is performed if the - * regular expression matches. - * - * - * Regex capture groups are available. - */ - replacement?: string; - /** - * Separator is the string between concatenated SourceLabels. - */ - separator?: string; - /** - * The source labels select values from existing labels. Their content is - * concatenated using the configured Separator and matched against the - * configured regular expression. - */ - sourceLabels?: string[]; - /** - * Label to which the resulting string is written in a replacement. - * - * - * It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, - * `KeepEqual` and `DropEqual` actions. - * - * - * Regex capture groups are available. - */ - targetLabel?: string; + /** + * Action to perform based on the regex matching. + * + * + * `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. + * `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. + * + * + * Default: "Replace" + */ + action?: Action; + /** + * Modulus to take of the hash of the source label values. + * + * + * Only applicable when the action is `HashMod`. + */ + modulus?: number; + /** + * Regular expression against which the extracted value is matched. 
+ */ + regex?: string; + /** + * Replacement value against which a Replace action is performed if the + * regular expression matches. + * + * + * Regex capture groups are available. + */ + replacement?: string; + /** + * Separator is the string between concatenated SourceLabels. + */ + separator?: string; + /** + * The source labels select values from existing labels. Their content is + * concatenated using the configured Separator and matched against the + * configured regular expression. + */ + sourceLabels?: string[]; + /** + * Label to which the resulting string is written in a replacement. + * + * + * It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, + * `KeepEqual` and `DropEqual` actions. + * + * + * Regex capture groups are available. + */ + targetLabel?: string; } /** 
@@ -542,28 +542,28 @@ export interface MetricRelabeling { * Default: "Replace" */ export enum Action { - ActionDrop = "Drop", - ActionKeep = "Keep", - ActionLowercase = "Lowercase", - ActionReplace = "Replace", - ActionUppercase = "Uppercase", - Drop = "drop", - DropEqual = "DropEqual", - Dropequal = "dropequal", - HashMod = "HashMod", - Hashmod = "hashmod", - Keep = "keep", - KeepEqual = "KeepEqual", - Keepequal = "keepequal", - LabelDrop = "LabelDrop", - LabelKeep = "LabelKeep", - LabelMap = "LabelMap", - Labeldrop = "labeldrop", - Labelkeep = "labelkeep", - Labelmap = "labelmap", - Lowercase = "lowercase", - Replace = "replace", - Uppercase = "uppercase", + ActionDrop = "Drop", + ActionKeep = "Keep", + ActionLowercase = "Lowercase", + ActionReplace = "Replace", + ActionUppercase = "Uppercase", + Drop = "drop", + DropEqual = "DropEqual", + Dropequal = "dropequal", + HashMod = "HashMod", + Hashmod = "hashmod", + Keep = "keep", + KeepEqual = "KeepEqual", + Keepequal = "keepequal", + LabelDrop = "LabelDrop", + LabelKeep = "LabelKeep", + LabelMap = "LabelMap", + Labeldrop = "labeldrop", + Labelkeep = "labelkeep", + Labelmap = "labelmap", + Lowercase = "lowercase", + Replace = "replace", + Uppercase = "uppercase", } /** 
@@ -576,29 +576,29 @@ export enum Action { * Cannot be set at the same time as `authorization`, or `basicAuth`. */ export interface Oauth2 { - /** - * `clientId` specifies a key of a Secret or ConfigMap containing the - * OAuth2 client's ID. - */ - clientId: ClientID; - /** - * `clientSecret` specifies a key of a Secret containing the OAuth2 - * client's secret. - */ - clientSecret: ClientSecret; - /** - * `endpointParams` configures the HTTP parameters to append to the token - * URL. - */ - endpointParams?: { [key: string]: string }; - /** - * `scopes` defines the OAuth2 scopes used for the token request. - */ - scopes?: string[]; - /** - * `tokenURL` configures the URL to fetch the token from. - */ - tokenUrl: string; + /** + * `clientId` specifies a key of a Secret or ConfigMap containing the + * OAuth2 client's ID. + */ + clientId: ClientID; + /** + * `clientSecret` specifies a key of a Secret containing the OAuth2 + * client's secret. + */ + clientSecret: ClientSecret; + /** + * `endpointParams` configures the HTTP parameters to append to the token + * URL. + */ + endpointParams?: { [key: string]: string }; + /** + * `scopes` defines the OAuth2 scopes used for the token request. + */ + scopes?: string[]; + /** + * `tokenURL` configures the URL to fetch the token from. + */ + tokenUrl: string; } /** 
@@ -606,64 +606,64 @@ export interface Oauth2 { * OAuth2 client's ID. */ export interface ClientID { - /** - * ConfigMap containing data to use for the targets. - */ - configMap?: ClientIDConfigMap; - /** - * Secret containing data to use for the targets. - */ - secret?: ClientIDSecret; + /** + * ConfigMap containing data to use for the targets. + */ + configMap?: ClientIDConfigMap; + /** + * Secret containing data to use for the targets. + */ + secret?: ClientIDSecret; } /** * ConfigMap containing data to use for the targets. */ export interface ClientIDConfigMap { - /** - * The key to select. - */ - key: string; - /** - * Name of the referent. - * This field is effectively required, but due to backwards compatibility is - * allowed to be empty. Instances of this type with an empty value here are - * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? - * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - */ - name?: string; - /** - * Specify whether the ConfigMap or its key must be defined - */ - optional?: boolean; + /** + * The key to select. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the ConfigMap or its key must be defined + */ + optional?: boolean; } /** * Secret containing data to use for the targets. 
*/ export interface ClientIDSecret { - /** - * The key of the secret to select from. Must be a valid secret key. - */ - key: string; - /** - * Name of the referent. - * This field is effectively required, but due to backwards compatibility is - * allowed to be empty. Instances of this type with an empty value here are - * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? - * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - */ - name?: string; - /** - * Specify whether the Secret or its key must be defined - */ - optional?: boolean; + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; } /** 
@@ -671,25 +671,25 @@ export interface ClientIDSecret { * client's secret. */ export interface ClientSecret { - /** - * The key of the secret to select from. Must be a valid secret key. - */ - key: string; - /** - * Name of the referent. - * This field is effectively required, but due to backwards compatibility is - * allowed to be empty. Instances of this type with an empty value here are - * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? - * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - */ - name?: string; - /** - * Specify whether the Secret or its key must be defined - */ - optional?: boolean; + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; } /** 
@@ -701,57 +701,57 @@ export interface ClientSecret { * https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config */ export interface Relabeling { - /** - * Action to perform based on the regex matching. - * - * - * `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. - * `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - * - * - * Default: "Replace" - */ - action?: Action; - /** - * Modulus to take of the hash of the source label values. - * - * - * Only applicable when the action is `HashMod`. - */ - modulus?: number; - /** - * Regular expression against which the extracted value is matched. - */ - regex?: string; - /** - * Replacement value against which a Replace action is performed if the - * regular expression matches. - * - * - * Regex capture groups are available. - */ - replacement?: string; - /** - * Separator is the string between concatenated SourceLabels. - */ - separator?: string; - /** - * The source labels select values from existing labels. Their content is - * concatenated using the configured Separator and matched against the - * configured regular expression. - */ - sourceLabels?: string[]; - /** - * Label to which the resulting string is written in a replacement. - * - * - * It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, - * `KeepEqual` and `DropEqual` actions. - * - * - * Regex capture groups are available. - */ - targetLabel?: string; + /** + * Action to perform based on the regex matching. + * + * + * `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. + * `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. + * + * + * Default: "Replace" + */ + action?: Action; + /** + * Modulus to take of the hash of the source label values. + * + * + * Only applicable when the action is `HashMod`. + */ + modulus?: number; + /** + * Regular expression against which the extracted value is matched. 
+ */ + regex?: string; + /** + * Replacement value against which a Replace action is performed if the + * regular expression matches. + * + * + * Regex capture groups are available. + */ + replacement?: string; + /** + * Separator is the string between concatenated SourceLabels. + */ + separator?: string; + /** + * The source labels select values from existing labels. Their content is + * concatenated using the configured Separator and matched against the + * configured regular expression. + */ + sourceLabels?: string[]; + /** + * Label to which the resulting string is written in a replacement. + * + * + * It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, + * `KeepEqual` and `DropEqual` actions. + * + * + * Regex capture groups are available. + */ + targetLabel?: string; } /** 
@@ -765,187 +765,187 @@ export interface Relabeling { * If empty, Prometheus uses the default value `http`. */ export enum Scheme { - HTTP = "http", - HTTPS = "https", + HTTP = "http", + HTTPS = "https", } /** * TLS configuration to use when scraping the target. */ export interface TLSConfig { - /** - * Certificate authority used when verifying server certificates. - */ - ca?: CA; - /** - * Client certificate to present when doing client-authentication. - */ - cert?: CERT; - /** - * Disable target certificate validation. - */ - insecureSkipVerify?: boolean; - /** - * Secret containing the client key file for the targets. - */ - keySecret?: KeySecret; - /** - * Used to verify the hostname for the targets. - */ - serverName?: string; + /** + * Certificate authority used when verifying server certificates. + */ + ca?: CA; + /** + * Client certificate to present when doing client-authentication. + */ + cert?: CERT; + /** + * Disable target certificate validation. + */ + insecureSkipVerify?: boolean; + /** + * Secret containing the client key file for the targets. + */ + keySecret?: KeySecret; + /** + * Used to verify the hostname for the targets. + */ + serverName?: string; } /** * Certificate authority used when verifying server certificates. */ export interface CA { - /** - * ConfigMap containing data to use for the targets. - */ - configMap?: CAConfigMap; - /** - * Secret containing data to use for the targets. - */ - secret?: CASecret; + /** + * ConfigMap containing data to use for the targets. + */ + configMap?: CAConfigMap; + /** + * Secret containing data to use for the targets. + */ + secret?: CASecret; } /** * ConfigMap containing data to use for the targets. */ export interface CAConfigMap { - /** - * The key to select. - */ - key: string; - /** - * Name of the referent. - * This field is effectively required, but due to backwards compatibility is - * allowed to be empty. Instances of this type with an empty value here are - * almost certainly wrong. 
- * TODO: Add other useful fields. apiVersion, kind, uid? - * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - */ - name?: string; - /** - * Specify whether the ConfigMap or its key must be defined - */ - optional?: boolean; + /** + * The key to select. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the ConfigMap or its key must be defined + */ + optional?: boolean; } /** * Secret containing data to use for the targets. */ export interface CASecret { - /** - * The key of the secret to select from. Must be a valid secret key. - */ - key: string; - /** - * Name of the referent. - * This field is effectively required, but due to backwards compatibility is - * allowed to be empty. Instances of this type with an empty value here are - * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? - * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - */ - name?: string; - /** - * Specify whether the Secret or its key must be defined - */ - optional?: boolean; + /** + * The key of the secret to select from. Must be a valid secret key. 
+ */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; } /** * Client certificate to present when doing client-authentication. */ export interface CERT { - /** - * ConfigMap containing data to use for the targets. - */ - configMap?: CERTConfigMap; - /** - * Secret containing data to use for the targets. - */ - secret?: CERTSecret; + /** + * ConfigMap containing data to use for the targets. + */ + configMap?: CERTConfigMap; + /** + * Secret containing data to use for the targets. + */ + secret?: CERTSecret; } /** * ConfigMap containing data to use for the targets. */ export interface CERTConfigMap { - /** - * The key to select. - */ - key: string; - /** - * Name of the referent. - * This field is effectively required, but due to backwards compatibility is - * allowed to be empty. Instances of this type with an empty value here are - * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? - * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - */ - name?: string; - /** - * Specify whether the ConfigMap or its key must be defined - */ - optional?: boolean; + /** + * The key to select. + */ + key: string; + /** + * Name of the referent. 
+ * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the ConfigMap or its key must be defined + */ + optional?: boolean; } /** * Secret containing data to use for the targets. */ export interface CERTSecret { - /** - * The key of the secret to select from. Must be a valid secret key. - */ - key: string; - /** - * Name of the referent. - * This field is effectively required, but due to backwards compatibility is - * allowed to be empty. Instances of this type with an empty value here are - * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? - * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - */ - name?: string; - /** - * Specify whether the Secret or its key must be defined - */ - optional?: boolean; + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
+ */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; } /** * Secret containing the client key file for the targets. */ export interface KeySecret { - /** - * The key of the secret to select from. Must be a valid secret key. - */ - key: string; - /** - * Name of the referent. - * This field is effectively required, but due to backwards compatibility is - * allowed to be empty. Instances of this type with an empty value here are - * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? - * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - */ - name?: string; - /** - * Specify whether the Secret or its key must be defined - */ - optional?: boolean; + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; } /** 
@@ -957,26 +957,26 @@ export interface KeySecret { * * `PrometheusText0.0.4` */ export enum ScrapeProtocol { - OpenMetricsText001 = "OpenMetricsText0.0.1", - OpenMetricsText100 = "OpenMetricsText1.0.0", - PrometheusProto = "PrometheusProto", - PrometheusText004 = "PrometheusText0.0.4", + OpenMetricsText001 = "OpenMetricsText0.0.1", + OpenMetricsText100 = "OpenMetricsText1.0.0", + PrometheusProto = "PrometheusProto", + PrometheusText004 = "PrometheusText0.0.4", } /** * Label selector to select the Kubernetes `Pod` objects. */ export interface Selector { - /** - * matchExpressions is a list of label selector requirements. The requirements are ANDed. - */ - matchExpressions?: MatchExpression[]; - /** - * matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - * map is equivalent to an element of matchExpressions, whose key field is "key", the - * operator is "In", and the values array contains only "value". The requirements are ANDed. - */ - matchLabels?: { [key: string]: string }; + /** + * matchExpressions is a list of label selector requirements. The requirements are ANDed. + */ + matchExpressions?: MatchExpression[]; + /** + * matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + * map is equivalent to an element of matchExpressions, whose key field is "key", the + * operator is "In", and the values array contains only "value". The requirements are ANDed. + */ + matchLabels?: { [key: string]: string }; } /** 
@@ -985,22 +985,22 @@ export interface Selector { * relates the key and values. */ export interface MatchExpression { - /** - * key is the label key that the selector applies to. - */ - key: string; - /** - * operator represents a key's relationship to a set of values. - * Valid operators are In, NotIn, Exists and DoesNotExist. - */ - operator: string; - /** - * values is an array of string values. If the operator is In or NotIn, - * the values array must be non-empty. If the operator is Exists or DoesNotExist, - * the values array must be empty. This array is replaced during a strategic - * merge patch. - */ - values?: string[]; + /** + * key is the label key that the selector applies to. + */ + key: string; + /** + * operator represents a key's relationship to a set of values. + * Valid operators are In, NotIn, Exists and DoesNotExist. + */ + operator: string; + /** + * values is an array of string values. If the operator is In or NotIn, + * the values array must be non-empty. If the operator is Exists or DoesNotExist, + * the values array must be empty. This array is replaced during a strategic + * merge patch. + */ + values?: string[]; } RegisterKind(PodMonitor, { @@ -1008,4 +1008,4 @@ RegisterKind(PodMonitor, { version: "v1", kind: "PodMonitor", plural: "podmonitors", -}); \ No newline at end of file +}); diff --git a/src/pepr/operator/crd/generated/prometheus/servicemonitor-v1.ts b/src/pepr/operator/crd/generated/prometheus/servicemonitor-v1.ts index 3e4bd1a06..17c09c2a4 100644 --- a/src/pepr/operator/crd/generated/prometheus/servicemonitor-v1.ts +++ b/src/pepr/operator/crd/generated/prometheus/servicemonitor-v1.ts 
@@ -6,11 +6,11 @@ import { GenericKind, RegisterKind } from "kubernetes-fluent-client"; * ServiceMonitor defines monitoring for a set of services. */ export class ServiceMonitor extends GenericKind { - /** - * Specification of desired Service selection for target discovery by - * Prometheus. - */ - spec?: Spec; + /** + * Specification of desired Service selection for target discovery by + * Prometheus. + */ + spec?: Spec; } /** 
@@ -18,116 +18,116 @@ export class ServiceMonitor extends GenericKind { * Prometheus. */ export interface Spec { - /** - * `attachMetadata` defines additional metadata which is added to the - * discovered targets. - * - * - * It requires Prometheus >= v2.37.0. - */ - attachMetadata?: AttachMetadata; - /** - * When defined, bodySizeLimit specifies a job level limit on the size - * of uncompressed response body that will be accepted by Prometheus. - * - * - * It requires Prometheus >= v2.28.0. - */ - bodySizeLimit?: string; - /** - * List of endpoints part of this ServiceMonitor. - */ - endpoints?: Endpoint[]; - /** - * `jobLabel` selects the label from the associated Kubernetes `Service` - * object which will be used as the `job` label for all metrics. - * - * - * For example if `jobLabel` is set to `foo` and the Kubernetes `Service` - * object is labeled with `foo: bar`, then Prometheus adds the `job="bar"` - * label to all ingested metrics. - * - * - * If the value of this field is empty or if the label doesn't exist for - * the given Service, the `job` label of the metrics defaults to the name - * of the associated Kubernetes `Service`. - */ - jobLabel?: string; - /** - * Per-scrape limit on the number of targets dropped by relabeling - * that will be kept in memory. 0 means no limit. - * - * - * It requires Prometheus >= v2.47.0. - */ - keepDroppedTargets?: number; - /** - * Per-scrape limit on number of labels that will be accepted for a sample. - * - * - * It requires Prometheus >= v2.27.0. - */ - labelLimit?: number; - /** - * Per-scrape limit on length of labels name that will be accepted for a sample. - * - * - * It requires Prometheus >= v2.27.0. - */ - labelNameLengthLimit?: number; - /** - * Per-scrape limit on length of labels value that will be accepted for a sample. - * - * - * It requires Prometheus >= v2.27.0. 
- */ - labelValueLengthLimit?: number; - /** - * Selector to select which namespaces the Kubernetes `Endpoints` objects - * are discovered from. - */ - namespaceSelector?: NamespaceSelector; - /** - * `podTargetLabels` defines the labels which are transferred from the - * associated Kubernetes `Pod` object onto the ingested metrics. - */ - podTargetLabels?: string[]; - /** - * `sampleLimit` defines a per-scrape limit on the number of scraped samples - * that will be accepted. - */ - sampleLimit?: number; - /** - * The scrape class to apply. - */ - scrapeClass?: string; - /** - * `scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients - * the - * protocols supported by Prometheus in order of preference (from most to least - * preferred). - * - * - * If unset, Prometheus uses its default value. - * - * - * It requires Prometheus >= v2.49.0. - */ - scrapeProtocols?: ScrapeProtocol[]; - /** - * Label selector to select the Kubernetes `Endpoints` objects. - */ - selector: Selector; - /** - * `targetLabels` defines the labels which are transferred from the - * associated Kubernetes `Service` object onto the ingested metrics. - */ - targetLabels?: string[]; - /** - * `targetLimit` defines a limit on the number of scraped targets that will - * be accepted. - */ - targetLimit?: number; + /** + * `attachMetadata` defines additional metadata which is added to the + * discovered targets. + * + * + * It requires Prometheus >= v2.37.0. + */ + attachMetadata?: AttachMetadata; + /** + * When defined, bodySizeLimit specifies a job level limit on the size + * of uncompressed response body that will be accepted by Prometheus. + * + * + * It requires Prometheus >= v2.28.0. + */ + bodySizeLimit?: string; + /** + * List of endpoints part of this ServiceMonitor. + */ + endpoints?: Endpoint[]; + /** + * `jobLabel` selects the label from the associated Kubernetes `Service` + * object which will be used as the `job` label for all metrics. 
+ * + * + * For example if `jobLabel` is set to `foo` and the Kubernetes `Service` + * object is labeled with `foo: bar`, then Prometheus adds the `job="bar"` + * label to all ingested metrics. + * + * + * If the value of this field is empty or if the label doesn't exist for + * the given Service, the `job` label of the metrics defaults to the name + * of the associated Kubernetes `Service`. + */ + jobLabel?: string; + /** + * Per-scrape limit on the number of targets dropped by relabeling + * that will be kept in memory. 0 means no limit. + * + * + * It requires Prometheus >= v2.47.0. + */ + keepDroppedTargets?: number; + /** + * Per-scrape limit on number of labels that will be accepted for a sample. + * + * + * It requires Prometheus >= v2.27.0. + */ + labelLimit?: number; + /** + * Per-scrape limit on length of labels name that will be accepted for a sample. + * + * + * It requires Prometheus >= v2.27.0. + */ + labelNameLengthLimit?: number; + /** + * Per-scrape limit on length of labels value that will be accepted for a sample. + * + * + * It requires Prometheus >= v2.27.0. + */ + labelValueLengthLimit?: number; + /** + * Selector to select which namespaces the Kubernetes `Endpoints` objects + * are discovered from. + */ + namespaceSelector?: NamespaceSelector; + /** + * `podTargetLabels` defines the labels which are transferred from the + * associated Kubernetes `Pod` object onto the ingested metrics. + */ + podTargetLabels?: string[]; + /** + * `sampleLimit` defines a per-scrape limit on the number of scraped samples + * that will be accepted. + */ + sampleLimit?: number; + /** + * The scrape class to apply. + */ + scrapeClass?: string; + /** + * `scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients + * the + * protocols supported by Prometheus in order of preference (from most to least + * preferred). + * + * + * If unset, Prometheus uses its default value. + * + * + * It requires Prometheus >= v2.49.0. 
+ */ + scrapeProtocols?: ScrapeProtocol[]; + /** + * Label selector to select the Kubernetes `Endpoints` objects. + */ + selector: Selector; + /** + * `targetLabels` defines the labels which are transferred from the + * associated Kubernetes `Service` object onto the ingested metrics. + */ + targetLabels?: string[]; + /** + * `targetLimit` defines a limit on the number of scraped targets that will + * be accepted. + */ + targetLimit?: number; } /** @@ -138,11 +138,11 @@ export interface Spec { * It requires Prometheus >= v2.37.0. */ export interface AttachMetadata { - /** - * When set to true, Prometheus must have the `get` permission on the - * `Nodes` objects. - */ - node?: boolean; + /** + * When set to true, Prometheus must have the `get` permission on the + * `Nodes` objects. + */ + node?: boolean; } /** 
@@ -150,165 +150,165 @@ export interface AttachMetadata { * Prometheus. */ export interface Endpoint { - /** - * `authorization` configures the Authorization header credentials to use when - * scraping the target. - * - * - * Cannot be set at the same time as `basicAuth`, or `oauth2`. - */ - authorization?: Authorization; - /** - * `basicAuth` configures the Basic Authentication credentials to use when - * scraping the target. - * - * - * Cannot be set at the same time as `authorization`, or `oauth2`. - */ - basicAuth?: BasicAuth; - /** - * File to read bearer token for scraping the target. - * - * - * Deprecated: use `authorization` instead. - */ - bearerTokenFile?: string; - /** - * `bearerTokenSecret` specifies a key of a Secret containing the bearer - * token for scraping targets. The secret needs to be in the same namespace - * as the ServiceMonitor object and readable by the Prometheus Operator. - * - * - * Deprecated: use `authorization` instead. - */ - bearerTokenSecret?: BearerTokenSecret; - /** - * `enableHttp2` can be used to disable HTTP2 when scraping the target. - */ - enableHttp2?: boolean; - /** - * When true, the pods which are not running (e.g. either in Failed or - * Succeeded state) are dropped during the target discovery. - * - * - * If unset, the filtering is enabled. - * - * - * More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase - */ - filterRunning?: boolean; - /** - * `followRedirects` defines whether the scrape requests should follow HTTP - * 3xx redirects. - */ - followRedirects?: boolean; - /** - * When true, `honorLabels` preserves the metric's labels when they collide - * with the target's labels. - */ - honorLabels?: boolean; - /** - * `honorTimestamps` controls whether Prometheus preserves the timestamps - * when exposed by the target. - */ - honorTimestamps?: boolean; - /** - * Interval at which Prometheus scrapes the metrics from the target. 
- * - * - * If empty, Prometheus uses the global scrape interval. - */ - interval?: string; - /** - * `metricRelabelings` configures the relabeling rules to apply to the - * samples before ingestion. - */ - metricRelabelings?: MetricRelabeling[]; - /** - * `oauth2` configures the OAuth2 settings to use when scraping the target. - * - * - * It requires Prometheus >= 2.27.0. - * - * - * Cannot be set at the same time as `authorization`, or `basicAuth`. - */ - oauth2?: Oauth2; - /** - * params define optional HTTP URL parameters. - */ - params?: { [key: string]: string[] }; - /** - * HTTP path from which to scrape for metrics. - * - * - * If empty, Prometheus uses the default value (e.g. `/metrics`). - */ - path?: string; - /** - * Name of the Service port which this endpoint refers to. - * - * - * It takes precedence over `targetPort`. - */ - port?: string; - /** - * `proxyURL` configures the HTTP Proxy URL (e.g. - * "http://proxyserver:2195") to go through when scraping the target. - */ - proxyUrl?: string; - /** - * `relabelings` configures the relabeling rules to apply the target's - * metadata labels. - * - * - * The Operator automatically adds relabelings for a few standard Kubernetes fields. - * - * - * The original scrape job's name is available via the `__tmp_prometheus_job_name` label. - * - * - * More info: - * https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config - */ - relabelings?: Relabeling[]; - /** - * HTTP scheme to use for scraping. - * - * - * `http` and `https` are the expected values unless you rewrite the - * `__scheme__` label via relabeling. - * - * - * If empty, Prometheus uses the default value `http`. - */ - scheme?: Scheme; - /** - * Timeout after which Prometheus considers the scrape to be failed. - * - * - * If empty, Prometheus uses the global scrape timeout unless it is less - * than the target's scrape interval value in which the latter is used. 
- */ - scrapeTimeout?: string; - /** - * Name or number of the target port of the `Pod` object behind the - * Service. The port must be specified with the container's port property. - */ - targetPort?: number | string; - /** - * TLS configuration to use when scraping the target. - */ - tlsConfig?: TLSConfig; - /** - * `trackTimestampsStaleness` defines whether Prometheus tracks staleness of - * the metrics that have an explicit timestamp present in scraped data. - * Has no effect if `honorTimestamps` is false. - * - * - * It requires Prometheus >= v2.48.0. - */ - trackTimestampsStaleness?: boolean; + /** + * `authorization` configures the Authorization header credentials to use when + * scraping the target. + * + * + * Cannot be set at the same time as `basicAuth`, or `oauth2`. + */ + authorization?: Authorization; + /** + * `basicAuth` configures the Basic Authentication credentials to use when + * scraping the target. + * + * + * Cannot be set at the same time as `authorization`, or `oauth2`. + */ + basicAuth?: BasicAuth; + /** + * File to read bearer token for scraping the target. + * + * + * Deprecated: use `authorization` instead. + */ + bearerTokenFile?: string; + /** + * `bearerTokenSecret` specifies a key of a Secret containing the bearer + * token for scraping targets. The secret needs to be in the same namespace + * as the ServiceMonitor object and readable by the Prometheus Operator. + * + * + * Deprecated: use `authorization` instead. + */ + bearerTokenSecret?: BearerTokenSecret; + /** + * `enableHttp2` can be used to disable HTTP2 when scraping the target. + */ + enableHttp2?: boolean; + /** + * When true, the pods which are not running (e.g. either in Failed or + * Succeeded state) are dropped during the target discovery. + * + * + * If unset, the filtering is enabled. 
+ * + * + * More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase + */ + filterRunning?: boolean; + /** + * `followRedirects` defines whether the scrape requests should follow HTTP + * 3xx redirects. + */ + followRedirects?: boolean; + /** + * When true, `honorLabels` preserves the metric's labels when they collide + * with the target's labels. + */ + honorLabels?: boolean; + /** + * `honorTimestamps` controls whether Prometheus preserves the timestamps + * when exposed by the target. + */ + honorTimestamps?: boolean; + /** + * Interval at which Prometheus scrapes the metrics from the target. + * + * + * If empty, Prometheus uses the global scrape interval. + */ + interval?: string; + /** + * `metricRelabelings` configures the relabeling rules to apply to the + * samples before ingestion. + */ + metricRelabelings?: MetricRelabeling[]; + /** + * `oauth2` configures the OAuth2 settings to use when scraping the target. + * + * + * It requires Prometheus >= 2.27.0. + * + * + * Cannot be set at the same time as `authorization`, or `basicAuth`. + */ + oauth2?: Oauth2; + /** + * params define optional HTTP URL parameters. + */ + params?: { [key: string]: string[] }; + /** + * HTTP path from which to scrape for metrics. + * + * + * If empty, Prometheus uses the default value (e.g. `/metrics`). + */ + path?: string; + /** + * Name of the Service port which this endpoint refers to. + * + * + * It takes precedence over `targetPort`. + */ + port?: string; + /** + * `proxyURL` configures the HTTP Proxy URL (e.g. + * "http://proxyserver:2195") to go through when scraping the target. + */ + proxyUrl?: string; + /** + * `relabelings` configures the relabeling rules to apply the target's + * metadata labels. + * + * + * The Operator automatically adds relabelings for a few standard Kubernetes fields. + * + * + * The original scrape job's name is available via the `__tmp_prometheus_job_name` label. 
+ * + * + * More info: + * https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + */ + relabelings?: Relabeling[]; + /** + * HTTP scheme to use for scraping. + * + * + * `http` and `https` are the expected values unless you rewrite the + * `__scheme__` label via relabeling. + * + * + * If empty, Prometheus uses the default value `http`. + */ + scheme?: Scheme; + /** + * Timeout after which Prometheus considers the scrape to be failed. + * + * + * If empty, Prometheus uses the global scrape timeout unless it is less + * than the target's scrape interval value in which the latter is used. + */ + scrapeTimeout?: string; + /** + * Name or number of the target port of the `Pod` object behind the + * Service. The port must be specified with the container's port property. + */ + targetPort?: number | string; + /** + * TLS configuration to use when scraping the target. + */ + tlsConfig?: TLSConfig; + /** + * `trackTimestampsStaleness` defines whether Prometheus tracks staleness of + * the metrics that have an explicit timestamp present in scraped data. + * Has no effect if `honorTimestamps` is false. + * + * + * It requires Prometheus >= v2.48.0. + */ + trackTimestampsStaleness?: boolean; } /** 
@@ -319,21 +319,21 @@ export interface Endpoint { * Cannot be set at the same time as `basicAuth`, or `oauth2`. */ export interface Authorization { - /** - * Selects a key of a Secret in the namespace that contains the credentials for - * authentication. - */ - credentials?: Credentials; - /** - * Defines the authentication type. The value is case-insensitive. - * - * - * "Basic" is not a supported value. - * - * - * Default: "Bearer" - */ - type?: string; + /** + * Selects a key of a Secret in the namespace that contains the credentials for + * authentication. + */ + credentials?: Credentials; + /** + * Defines the authentication type. The value is case-insensitive. + * + * + * "Basic" is not a supported value. + * + * + * Default: "Bearer" + */ + type?: string; } /** 
@@ -341,25 +341,25 @@ export interface Authorization { * authentication. */ export interface Credentials { - /** - * The key of the secret to select from. Must be a valid secret key. - */ - key: string; - /** - * Name of the referent. - * This field is effectively required, but due to backwards compatibility is - * allowed to be empty. Instances of this type with an empty value here are - * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? - * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - */ - name?: string; - /** - * Specify whether the Secret or its key must be defined - */ - optional?: boolean; + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; } /** 
@@ -370,16 +370,16 @@ export interface Credentials { * Cannot be set at the same time as `authorization`, or `oauth2`. */ export interface BasicAuth { - /** - * `password` specifies a key of a Secret containing the password for - * authentication. - */ - password?: Password; - /** - * `username` specifies a key of a Secret containing the username for - * authentication. - */ - username?: Username; + /** + * `password` specifies a key of a Secret containing the password for + * authentication. + */ + password?: Password; + /** + * `username` specifies a key of a Secret containing the username for + * authentication. + */ + username?: Username; } /** 
@@ -387,25 +387,25 @@ export interface BasicAuth { * authentication. */ export interface Password { - /** - * The key of the secret to select from. Must be a valid secret key. - */ - key: string; - /** - * Name of the referent. - * This field is effectively required, but due to backwards compatibility is - * allowed to be empty. Instances of this type with an empty value here are - * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? - * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - */ - name?: string; - /** - * Specify whether the Secret or its key must be defined - */ - optional?: boolean; + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; } /** 
@@ -413,25 +413,25 @@ export interface Password { * authentication. */ export interface Username { - /** - * The key of the secret to select from. Must be a valid secret key. - */ - key: string; - /** - * Name of the referent. - * This field is effectively required, but due to backwards compatibility is - * allowed to be empty. Instances of this type with an empty value here are - * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? - * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - */ - name?: string; - /** - * Specify whether the Secret or its key must be defined - */ - optional?: boolean; + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; } /** 
@@ -443,25 +443,25 @@ export interface Username { * Deprecated: use `authorization` instead. */ export interface BearerTokenSecret { - /** - * The key of the secret to select from. Must be a valid secret key. - */ - key: string; - /** - * Name of the referent. - * This field is effectively required, but due to backwards compatibility is - * allowed to be empty. Instances of this type with an empty value here are - * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? - * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - */ - name?: string; - /** - * Specify whether the Secret or its key must be defined - */ - optional?: boolean; + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; } /** 
@@ -473,57 +473,57 @@ export interface BearerTokenSecret { * https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config */ export interface MetricRelabeling { - /** - * Action to perform based on the regex matching. - * - * - * `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. - * `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - * - * - * Default: "Replace" - */ - action?: Action; - /** - * Modulus to take of the hash of the source label values. - * - * - * Only applicable when the action is `HashMod`. - */ - modulus?: number; - /** - * Regular expression against which the extracted value is matched. - */ - regex?: string; - /** - * Replacement value against which a Replace action is performed if the - * regular expression matches. - * - * - * Regex capture groups are available. - */ - replacement?: string; - /** - * Separator is the string between concatenated SourceLabels. - */ - separator?: string; - /** - * The source labels select values from existing labels. Their content is - * concatenated using the configured Separator and matched against the - * configured regular expression. - */ - sourceLabels?: string[]; - /** - * Label to which the resulting string is written in a replacement. - * - * - * It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, - * `KeepEqual` and `DropEqual` actions. - * - * - * Regex capture groups are available. - */ - targetLabel?: string; + /** + * Action to perform based on the regex matching. + * + * + * `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. + * `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. + * + * + * Default: "Replace" + */ + action?: Action; + /** + * Modulus to take of the hash of the source label values. + * + * + * Only applicable when the action is `HashMod`. + */ + modulus?: number; + /** + * Regular expression against which the extracted value is matched. 
+ */ + regex?: string; + /** + * Replacement value against which a Replace action is performed if the + * regular expression matches. + * + * + * Regex capture groups are available. + */ + replacement?: string; + /** + * Separator is the string between concatenated SourceLabels. + */ + separator?: string; + /** + * The source labels select values from existing labels. Their content is + * concatenated using the configured Separator and matched against the + * configured regular expression. + */ + sourceLabels?: string[]; + /** + * Label to which the resulting string is written in a replacement. + * + * + * It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, + * `KeepEqual` and `DropEqual` actions. + * + * + * Regex capture groups are available. + */ + targetLabel?: string; } /** 
@@ -537,28 +537,28 @@ export interface MetricRelabeling { * Default: "Replace" */ export enum Action { - ActionDrop = "Drop", - ActionKeep = "Keep", - ActionLowercase = "Lowercase", - ActionReplace = "Replace", - ActionUppercase = "Uppercase", - Drop = "drop", - DropEqual = "DropEqual", - Dropequal = "dropequal", - HashMod = "HashMod", - Hashmod = "hashmod", - Keep = "keep", - KeepEqual = "KeepEqual", - Keepequal = "keepequal", - LabelDrop = "LabelDrop", - LabelKeep = "LabelKeep", - LabelMap = "LabelMap", - Labeldrop = "labeldrop", - Labelkeep = "labelkeep", - Labelmap = "labelmap", - Lowercase = "lowercase", - Replace = "replace", - Uppercase = "uppercase", + ActionDrop = "Drop", + ActionKeep = "Keep", + ActionLowercase = "Lowercase", + ActionReplace = "Replace", + ActionUppercase = "Uppercase", + Drop = "drop", + DropEqual = "DropEqual", + Dropequal = "dropequal", + HashMod = "HashMod", + Hashmod = "hashmod", + Keep = "keep", + KeepEqual = "KeepEqual", + Keepequal = "keepequal", + LabelDrop = "LabelDrop", + LabelKeep = "LabelKeep", + LabelMap = "LabelMap", + Labeldrop = "labeldrop", + Labelkeep = "labelkeep", + Labelmap = "labelmap", + Lowercase = "lowercase", + Replace = "replace", + Uppercase = "uppercase", } /** 
@@ -571,29 +571,29 @@ export enum Action { * Cannot be set at the same time as `authorization`, or `basicAuth`. */ export interface Oauth2 { - /** - * `clientId` specifies a key of a Secret or ConfigMap containing the - * OAuth2 client's ID. - */ - clientId: ClientID; - /** - * `clientSecret` specifies a key of a Secret containing the OAuth2 - * client's secret. - */ - clientSecret: ClientSecret; - /** - * `endpointParams` configures the HTTP parameters to append to the token - * URL. - */ - endpointParams?: { [key: string]: string }; - /** - * `scopes` defines the OAuth2 scopes used for the token request. - */ - scopes?: string[]; - /** - * `tokenURL` configures the URL to fetch the token from. - */ - tokenUrl: string; + /** + * `clientId` specifies a key of a Secret or ConfigMap containing the + * OAuth2 client's ID. + */ + clientId: ClientID; + /** + * `clientSecret` specifies a key of a Secret containing the OAuth2 + * client's secret. + */ + clientSecret: ClientSecret; + /** + * `endpointParams` configures the HTTP parameters to append to the token + * URL. + */ + endpointParams?: { [key: string]: string }; + /** + * `scopes` defines the OAuth2 scopes used for the token request. + */ + scopes?: string[]; + /** + * `tokenURL` configures the URL to fetch the token from. + */ + tokenUrl: string; } /** 
@@ -601,64 +601,64 @@ export interface Oauth2 { * OAuth2 client's ID. */ export interface ClientID { - /** - * ConfigMap containing data to use for the targets. - */ - configMap?: ClientIDConfigMap; - /** - * Secret containing data to use for the targets. - */ - secret?: ClientIDSecret; + /** + * ConfigMap containing data to use for the targets. + */ + configMap?: ClientIDConfigMap; + /** + * Secret containing data to use for the targets. + */ + secret?: ClientIDSecret; } /** * ConfigMap containing data to use for the targets. */ export interface ClientIDConfigMap { - /** - * The key to select. - */ - key: string; - /** - * Name of the referent. - * This field is effectively required, but due to backwards compatibility is - * allowed to be empty. Instances of this type with an empty value here are - * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? - * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - */ - name?: string; - /** - * Specify whether the ConfigMap or its key must be defined - */ - optional?: boolean; + /** + * The key to select. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the ConfigMap or its key must be defined + */ + optional?: boolean; } /** * Secret containing data to use for the targets. 
*/ export interface ClientIDSecret { - /** - * The key of the secret to select from. Must be a valid secret key. - */ - key: string; - /** - * Name of the referent. - * This field is effectively required, but due to backwards compatibility is - * allowed to be empty. Instances of this type with an empty value here are - * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? - * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - */ - name?: string; - /** - * Specify whether the Secret or its key must be defined - */ - optional?: boolean; + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; } /** 
@@ -666,25 +666,25 @@ export interface ClientIDSecret { * client's secret. */ export interface ClientSecret { - /** - * The key of the secret to select from. Must be a valid secret key. - */ - key: string; - /** - * Name of the referent. - * This field is effectively required, but due to backwards compatibility is - * allowed to be empty. Instances of this type with an empty value here are - * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? - * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - */ - name?: string; - /** - * Specify whether the Secret or its key must be defined - */ - optional?: boolean; + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; } /** 
@@ -696,57 +696,57 @@ export interface ClientSecret { * https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config */ export interface Relabeling { - /** - * Action to perform based on the regex matching. - * - * - * `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. - * `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - * - * - * Default: "Replace" - */ - action?: Action; - /** - * Modulus to take of the hash of the source label values. - * - * - * Only applicable when the action is `HashMod`. - */ - modulus?: number; - /** - * Regular expression against which the extracted value is matched. - */ - regex?: string; - /** - * Replacement value against which a Replace action is performed if the - * regular expression matches. - * - * - * Regex capture groups are available. - */ - replacement?: string; - /** - * Separator is the string between concatenated SourceLabels. - */ - separator?: string; - /** - * The source labels select values from existing labels. Their content is - * concatenated using the configured Separator and matched against the - * configured regular expression. - */ - sourceLabels?: string[]; - /** - * Label to which the resulting string is written in a replacement. - * - * - * It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, - * `KeepEqual` and `DropEqual` actions. - * - * - * Regex capture groups are available. - */ - targetLabel?: string; + /** + * Action to perform based on the regex matching. + * + * + * `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. + * `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. + * + * + * Default: "Replace" + */ + action?: Action; + /** + * Modulus to take of the hash of the source label values. + * + * + * Only applicable when the action is `HashMod`. + */ + modulus?: number; + /** + * Regular expression against which the extracted value is matched. 
+ */ + regex?: string; + /** + * Replacement value against which a Replace action is performed if the + * regular expression matches. + * + * + * Regex capture groups are available. + */ + replacement?: string; + /** + * Separator is the string between concatenated SourceLabels. + */ + separator?: string; + /** + * The source labels select values from existing labels. Their content is + * concatenated using the configured Separator and matched against the + * configured regular expression. + */ + sourceLabels?: string[]; + /** + * Label to which the resulting string is written in a replacement. + * + * + * It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, + * `KeepEqual` and `DropEqual` actions. + * + * + * Regex capture groups are available. + */ + targetLabel?: string; } /** 
@@ -760,199 +760,199 @@ export interface Relabeling { * If empty, Prometheus uses the default value `http`. */ export enum Scheme { - HTTP = "http", - HTTPS = "https", + HTTP = "http", + HTTPS = "https", } /** * TLS configuration to use when scraping the target. */ export interface TLSConfig { - /** - * Certificate authority used when verifying server certificates. - */ - ca?: CA; - /** - * Path to the CA cert in the Prometheus container to use for the targets. - */ - caFile?: string; - /** - * Client certificate to present when doing client-authentication. - */ - cert?: CERT; - /** - * Path to the client cert file in the Prometheus container for the targets. - */ - certFile?: string; - /** - * Disable target certificate validation. - */ - insecureSkipVerify?: boolean; - /** - * Path to the client key file in the Prometheus container for the targets. - */ - keyFile?: string; - /** - * Secret containing the client key file for the targets. - */ - keySecret?: KeySecret; - /** - * Used to verify the hostname for the targets. - */ - serverName?: string; + /** + * Certificate authority used when verifying server certificates. + */ + ca?: CA; + /** + * Path to the CA cert in the Prometheus container to use for the targets. + */ + caFile?: string; + /** + * Client certificate to present when doing client-authentication. + */ + cert?: CERT; + /** + * Path to the client cert file in the Prometheus container for the targets. + */ + certFile?: string; + /** + * Disable target certificate validation. + */ + insecureSkipVerify?: boolean; + /** + * Path to the client key file in the Prometheus container for the targets. + */ + keyFile?: string; + /** + * Secret containing the client key file for the targets. + */ + keySecret?: KeySecret; + /** + * Used to verify the hostname for the targets. + */ + serverName?: string; } /** * Certificate authority used when verifying server certificates. */ export interface CA { - /** - * ConfigMap containing data to use for the targets. 
- */ - configMap?: CAConfigMap; - /** - * Secret containing data to use for the targets. - */ - secret?: CASecret; + /** + * ConfigMap containing data to use for the targets. + */ + configMap?: CAConfigMap; + /** + * Secret containing data to use for the targets. + */ + secret?: CASecret; } /** * ConfigMap containing data to use for the targets. */ export interface CAConfigMap { - /** - * The key to select. - */ - key: string; - /** - * Name of the referent. - * This field is effectively required, but due to backwards compatibility is - * allowed to be empty. Instances of this type with an empty value here are - * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? - * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - */ - name?: string; - /** - * Specify whether the ConfigMap or its key must be defined - */ - optional?: boolean; + /** + * The key to select. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the ConfigMap or its key must be defined + */ + optional?: boolean; } /** * Secret containing data to use for the targets. */ export interface CASecret { - /** - * The key of the secret to select from. Must be a valid secret key. - */ - key: string; - /** - * Name of the referent. 
- * This field is effectively required, but due to backwards compatibility is - * allowed to be empty. Instances of this type with an empty value here are - * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? - * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - */ - name?: string; - /** - * Specify whether the Secret or its key must be defined - */ - optional?: boolean; + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; } /** * Client certificate to present when doing client-authentication. */ export interface CERT { - /** - * ConfigMap containing data to use for the targets. - */ - configMap?: CERTConfigMap; - /** - * Secret containing data to use for the targets. - */ - secret?: CERTSecret; + /** + * ConfigMap containing data to use for the targets. + */ + configMap?: CERTConfigMap; + /** + * Secret containing data to use for the targets. + */ + secret?: CERTSecret; } /** * ConfigMap containing data to use for the targets. */ export interface CERTConfigMap { - /** - * The key to select. - */ - key: string; - /** - * Name of the referent. 
- * This field is effectively required, but due to backwards compatibility is - * allowed to be empty. Instances of this type with an empty value here are - * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? - * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - */ - name?: string; - /** - * Specify whether the ConfigMap or its key must be defined - */ - optional?: boolean; + /** + * The key to select. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the ConfigMap or its key must be defined + */ + optional?: boolean; } /** * Secret containing data to use for the targets. */ export interface CERTSecret { - /** - * The key of the secret to select from. Must be a valid secret key. - */ - key: string; - /** - * Name of the referent. - * This field is effectively required, but due to backwards compatibility is - * allowed to be empty. Instances of this type with an empty value here are - * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? - * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
- */ - name?: string; - /** - * Specify whether the Secret or its key must be defined - */ - optional?: boolean; + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; } /** * Secret containing the client key file for the targets. */ export interface KeySecret { - /** - * The key of the secret to select from. Must be a valid secret key. - */ - key: string; - /** - * Name of the referent. - * This field is effectively required, but due to backwards compatibility is - * allowed to be empty. Instances of this type with an empty value here are - * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? - * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - */ - name?: string; - /** - * Specify whether the Secret or its key must be defined - */ - optional?: boolean; + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. 
apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; } /** @@ -960,15 +960,15 @@ export interface KeySecret { * are discovered from. */ export interface NamespaceSelector { - /** - * Boolean describing whether all namespaces are selected in contrast to a - * list restricting them. - */ - any?: boolean; - /** - * List of namespace names to select from. - */ - matchNames?: string[]; + /** + * Boolean describing whether all namespaces are selected in contrast to a + * list restricting them. + */ + any?: boolean; + /** + * List of namespace names to select from. + */ + matchNames?: string[]; } /** 
@@ -980,26 +980,26 @@ export interface NamespaceSelector { * * `PrometheusText0.0.4` */ export enum ScrapeProtocol { - OpenMetricsText001 = "OpenMetricsText0.0.1", - OpenMetricsText100 = "OpenMetricsText1.0.0", - PrometheusProto = "PrometheusProto", - PrometheusText004 = "PrometheusText0.0.4", + OpenMetricsText001 = "OpenMetricsText0.0.1", + OpenMetricsText100 = "OpenMetricsText1.0.0", + PrometheusProto = "PrometheusProto", + PrometheusText004 = "PrometheusText0.0.4", } /** * Label selector to select the Kubernetes `Endpoints` objects. */ export interface Selector { - /** - * matchExpressions is a list of label selector requirements. The requirements are ANDed. - */ - matchExpressions?: MatchExpression[]; - /** - * matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - * map is equivalent to an element of matchExpressions, whose key field is "key", the - * operator is "In", and the values array contains only "value". The requirements are ANDed. - */ - matchLabels?: { [key: string]: string }; + /** + * matchExpressions is a list of label selector requirements. The requirements are ANDed. + */ + matchExpressions?: MatchExpression[]; + /** + * matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + * map is equivalent to an element of matchExpressions, whose key field is "key", the + * operator is "In", and the values array contains only "value". The requirements are ANDed. + */ + matchLabels?: { [key: string]: string }; } /** 
@@ -1008,22 +1008,22 @@ export interface Selector { * relates the key and values. */ export interface MatchExpression { - /** - * key is the label key that the selector applies to. - */ - key: string; - /** - * operator represents a key's relationship to a set of values. - * Valid operators are In, NotIn, Exists and DoesNotExist. - */ - operator: string; - /** - * values is an array of string values. If the operator is In or NotIn, - * the values array must be non-empty. If the operator is Exists or DoesNotExist, - * the values array must be empty. This array is replaced during a strategic - * merge patch. - */ - values?: string[]; + /** + * key is the label key that the selector applies to. + */ + key: string; + /** + * operator represents a key's relationship to a set of values. + * Valid operators are In, NotIn, Exists and DoesNotExist. + */ + operator: string; + /** + * values is an array of string values. If the operator is In or NotIn, + * the values array must be non-empty. If the operator is Exists or DoesNotExist, + * the values array must be empty. This array is replaced during a strategic + * merge patch. + */ + values?: string[]; } RegisterKind(ServiceMonitor, { @@ -1031,4 +1031,4 @@ RegisterKind(ServiceMonitor, { version: "v1", kind: "ServiceMonitor", plural: "servicemonitors", -}); \ No newline at end of file +}); diff --git a/src/pepr/operator/crd/index.ts b/src/pepr/operator/crd/index.ts index 1735c5066..a7e5e9bdb 100644 --- a/src/pepr/operator/crd/index.ts +++ b/src/pepr/operator/crd/index.ts 
@@ -1,38 +1,37 @@ export { - Allow, - Direction, - Expose, - Gateway, - Monitor, - Phase, - Status as PkgStatus, - RemoteGenerated, - Sso, - Package as UDSPackage + Allow, + Direction, + Expose, + Gateway, + Monitor, + Phase, + Status as PkgStatus, + RemoteGenerated, + Sso, + Package as UDSPackage, } from "./generated/package-v1alpha1"; export { - ExemptionElement, - Matcher, - Kind as MatcherKind, - Policy, - Exemption as UDSExemption + ExemptionElement, + Matcher, + Kind as MatcherKind, + Policy, + Exemption as UDSExemption, } from "./generated/exemption-v1alpha1"; export { - HTTP as IstioHTTP, - HTTPRoute as IstioHTTPRoute, - VirtualService as IstioVirtualService + HTTP as IstioHTTP, + HTTPRoute as IstioHTTPRoute, + VirtualService as IstioVirtualService, } from "./generated/istio/virtualservice-v1beta1"; export { - Endpoint as IstioEndpoint, - Location as IstioLocation, - Port as IstioPort, - Resolution as IstioResolution, - ServiceEntry as IstioServiceEntry + Endpoint as IstioEndpoint, + Location as IstioLocation, + Port as IstioPort, + Resolution as IstioResolution, + ServiceEntry as IstioServiceEntry, } from "./generated/istio/serviceentry-v1beta1"; export * as PrometheusPodMonitor from "./generated/prometheus/podmonitor-v1"; export * as PrometheusServiceMonitor from "./generated/prometheus/servicemonitor-v1"; - diff --git a/src/pepr/prometheus/index.ts b/src/pepr/prometheus/index.ts index c40d9b43f..ab6a6389e 100644 --- a/src/pepr/prometheus/index.ts +++ b/src/pepr/prometheus/index.ts 
@@ -16,11 +16,13 @@ When(PrometheusServiceMonitor.ServiceMonitor) .Mutate(async sm => { // Provide an opt-out of mutation to handle complicated scenarios if (sm.Raw.metadata?.annotations?.["uds/skip-sm-mutate"]) { - Log.info(`Mutating scrapeClass to exempt ServiceMonitor ${sm.Raw.metadata?.name} from default scrapeClass mTLS config`); - if (sm.Raw.spec === undefined) { - return; - } - sm.Raw.spec.scrapeClass = "exempt"; + Log.info( + `Mutating scrapeClass to exempt ServiceMonitor ${sm.Raw.metadata?.name} from default scrapeClass mTLS config`, + ); + if (sm.Raw.spec === undefined) { + return; + } + sm.Raw.spec.scrapeClass = "exempt"; return; } @@ -29,10 +31,10 @@ When(PrometheusServiceMonitor.ServiceMonitor) if (sm.Raw.spec?.endpoints === undefined) { return; } - /** - * Patching ServiceMonitor tlsConfig is deprecated in favor of default scrapeClass with tls config - * this mutation will be removed in favor of a mutation to opt-out of the default scrapeClass in the future - */ + /** + * Patching ServiceMonitor tlsConfig is deprecated in favor of default scrapeClass with tls config + * this mutation will be removed in favor of a mutation to opt-out of the default scrapeClass in the future + */ Log.info(`Patching service monitor ${sm.Raw.metadata?.name} for mTLS metrics`); const tlsConfig = { caFile: "/etc/prom-certs/root-cert.pem", @@ -47,7 +49,13 @@ When(PrometheusServiceMonitor.ServiceMonitor) }); sm.Raw.spec.endpoints = endpoints; } else { - Log.info(`No mutations needed for service monitor ${sm.Raw.metadata?.name}`); + Log.info( + `Mutating scrapeClass to exempt ServiceMonitor ${sm.Raw.metadata?.name} from default scrapeClass mTLS config`, + ); + if (sm.Raw.spec === undefined) { + return; + } + sm.Raw.spec.scrapeClass = "exempt"; } }); From 065fb2207a630822f1d48c79b7a41af08c48d95b Mon Sep 17 00:00:00 2001 
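Review bot: The `else` branch in the last hunk (`@@ -47,7 +49,13`) logs exactly the same message as the `uds/skip-sm-mutate` opt-out branch in the first hunk, so the log cannot distinguish an exemption requested through the annotation from one the controller applied on its own. Both branches also call `Log.info` before the `sm.Raw.spec === undefined` guard, so "Mutating scrapeClass…" is written even when the function returns without changing anything. Because `sm.Raw.spec.scrapeClass = "exempt"` takes the monitor off the default scrape class's mTLS config, I would move the guard above the log call in both places and give the `else` branch its own text, for example ``Log.info(`Setting scrapeClass "exempt" on ServiceMonitor ${sm.Raw.metadata?.name} (no mTLS patch applied)`);``. The condition of the enclosing `if` lies outside the hunk, so the final wording should name whatever that condition actually tests.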
From: Zachariah Miller Date: Thu, 27 Jun 2024 18:27:05 -0400 Subject: [PATCH 04/19] add test, pepr helm changes --- packages/slim-dev/zarf.yaml | 8 +--- packages/standard/zarf.yaml | 2 +- .../monitoring/pod-monitor.spec.ts | 41 +++++++++++++++++++ .../reconcilers/package-reconciler.ts | 2 +- src/pepr/values/values.yaml | 25 +++++++++++ src/pepr/zarf.yaml | 11 +++++ 6 files changed, 80 insertions(+), 9 deletions(-) create mode 100644 src/pepr/operator/controllers/monitoring/pod-monitor.spec.ts create mode 100644 src/pepr/values/values.yaml create mode 100644 src/pepr/zarf.yaml diff --git a/packages/slim-dev/zarf.yaml b/packages/slim-dev/zarf.yaml index 8f2b79586..40404636a 100644 --- a/packages/slim-dev/zarf.yaml +++ b/packages/slim-dev/zarf.yaml @@ -39,7 +39,7 @@ components: - name: pepr-uds-core required: true import: - path: ../../dist + path: ../../src/pepr name: module # Keycloak @@ -47,9 +47,3 @@ components: required: true import: path: ../../src/keycloak - - # Prometheus temp for testing monitors TODO @zachariahmiller remove before merge - - name: kube-prometheus-stack - required: true - import: - path: ../../src/prometheus-stack \ No newline at end of file diff --git a/packages/standard/zarf.yaml b/packages/standard/zarf.yaml index 2723d7698..002a06e1f 100644 --- a/packages/standard/zarf.yaml +++ b/packages/standard/zarf.yaml @@ -39,7 +39,7 @@ components: - name: pepr-uds-core required: true import: - path: ../../dist + path: ../../src/pepr name: module # Metrics Server diff --git a/src/pepr/operator/controllers/monitoring/pod-monitor.spec.ts b/src/pepr/operator/controllers/monitoring/pod-monitor.spec.ts new file mode 100644 index 000000000..acba54e26 --- /dev/null +++ b/src/pepr/operator/controllers/monitoring/pod-monitor.spec.ts 
@@ -0,0 +1,41 @@ +import { describe, expect, it } from "@jest/globals"; +import { Monitor } from "../../crd"; +import { generatePodMonitor } from "./pod-monitor"; + +describe("test generate Pod monitor", () => { + it("should return a valid Pod Monitor object", () => { + const ownerRefs = [ + { + apiVersion: "uds.dev/v1alpha1", + kind: "Package", + name: "test", + uid: "f50120aa-2713-4502-9496-566b102b1174", + }, + ]; + const portName = "http-metrics"; + const metricsPath = "/test"; + const selectorApp = "test"; + const monitor: Monitor = { + portName: portName, + path: metricsPath, + targetPort: 1234, + selector: { + app: selectorApp, + }, + }; + const namespace = "test"; + const pkgName = "test"; + const generation = "1"; + const payload = generatePodMonitor(monitor, namespace, pkgName, generation, ownerRefs); + + expect(payload).toBeDefined(); + expect(payload.metadata?.name).toEqual(`${pkgName}-${selectorApp}-${portName}`); + expect(payload.metadata?.namespace).toEqual(namespace); + expect(payload.spec?.podMetricsEndpoints).toBeDefined(); + if (payload.spec?.podMetricsEndpoints) { + expect(payload.spec.podMetricsEndpoints[0].port).toEqual(portName); + expect(payload.spec.podMetricsEndpoints[0].path).toEqual(metricsPath); + } + expect(payload.spec?.selector.matchLabels).toHaveProperty("app", "test"); + }); +}); diff --git a/src/pepr/operator/reconcilers/package-reconciler.ts b/src/pepr/operator/reconcilers/package-reconciler.ts index 1987beb24..693a090c3 100644 --- a/src/pepr/operator/reconcilers/package-reconciler.ts +++ b/src/pepr/operator/reconcilers/package-reconciler.ts @@ -58,7 +58,7 @@ export async function packageReconciler(pkg: UDSPackage) { } } } else { - Log.warn(`Running in single test mode, skipping ${name} ServiceMonitors.`); + Log.warn(`Running in single test mode, skipping ${name} Monitors.`); } // Configure SSO diff --git a/src/pepr/values/values.yaml b/src/pepr/values/values.yaml new file mode 100644 index 000000000..0f0196c7b --- /dev/null 
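Review bot: The new test builds `ownerRefs` and `generation` and passes both to `generatePodMonitor`, but no assertion checks that either one reaches the returned object, so a regression that drops the owner reference would still pass. Assuming the generator copies them into the resource metadata (its body is not part of this hunk), add `expect(payload.metadata?.ownerReferences).toEqual(ownerRefs);` and a matching expectation for wherever the generation value is recorded. The owner reference is presumably what ties the PodMonitor to its Package for cleanup, so it is worth pinning here.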
+++ b/src/pepr/values/values.yaml @@ -0,0 +1,25 @@ +# admission: +# terminationGracePeriodSeconds: 5 +# failurePolicy: 'Fail' +# env: +# - name: 'PEPR_WATCH_MODE' +# value: 'false' +# - name: 'PEPR_PRETTY_LOG' +# value: 'false' +# - name: 'LOG_LEVEL' +# value: 'info' +# watcher: +# env: +# - name: 'PEPR_WATCH_MODE' +# value: 'true' +# - name: 'PEPR_PRETTY_LOG' +# value: 'false' +# - name: 'LOG_LEVEL' +# value: 'info' +# resources: +# requests: +# memory: '64Mi' +# cpu: '100m' +# limits: +# memory: '256Mi' +# cpu: '500m' diff --git a/src/pepr/zarf.yaml b/src/pepr/zarf.yaml new file mode 100644 index 000000000..11d5ec6f2 --- /dev/null +++ b/src/pepr/zarf.yaml @@ -0,0 +1,11 @@ +kind: ZarfPackageConfig +metadata: + name: pepr-uds-core + description: 'Pepr Module: A collection of capabilities for UDS Core' + url: https://github.com/defenseunicorns/pepr +components: + - name: module + required: true + import: + path: ../../dist + name: module \ No newline at end of file From 1e3e35ee2e35e8e4764c386c461e26a93c8a7a7c Mon Sep 17 00:00:00 2001 From: Zachariah Miller Date: Thu, 27 Jun 2024 18:34:20 -0400 Subject: [PATCH 05/19] remove task i was using for dev --- tasks.yaml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/tasks.yaml b/tasks.yaml index 89679576d..d6976988a 100644 --- a/tasks.yaml +++ b/tasks.yaml @@ -21,13 +21,6 @@ tasks: - description: "Build, deploy and test UDS Core" task: test-uds-core - - name: dev - actions: - - task: create:pepr-build - - description: "Full Slim Dev Deploy" - task: setup:create-k3d-cluster - - cmd: ./uds zarf dev deploy packages/slim-dev --flavor ${FLAVOR} - - name: dev-setup actions: - description: "Create the dev cluster" From eeb257d5ab1f2d8e143b1155727526ec9515754e Mon Sep 17 00:00:00 2001 
From: Zachariah Miller Date: Thu, 27 Jun 2024 18:53:21 -0400 Subject: [PATCH 06/19] yamllint fixes --- src/pepr/zarf.yaml | 2 +- src/prometheus-stack/values/values.yaml | 18 +++++++++--------- src/test/app-tenant.yaml | 8 ++++---- 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/src/pepr/zarf.yaml b/src/pepr/zarf.yaml index 11d5ec6f2..c692e95df 100644 --- a/src/pepr/zarf.yaml +++ b/src/pepr/zarf.yaml @@ -8,4 +8,4 @@ components: required: true import: path: ../../dist - name: module \ No newline at end of file + name: module diff --git a/src/prometheus-stack/values/values.yaml b/src/prometheus-stack/values/values.yaml index a7ec8d3ee..d45f495fc 100644 --- a/src/prometheus-stack/values/values.yaml +++ b/src/prometheus-stack/values/values.yaml @@ -24,16 +24,16 @@ prometheus: prometheusSpec: enableFeatures: - remote-write-receiver - additionalConfig: + additionalConfig: scrapeClasses: - - name: istio-certs - default: true - tlsConfig: - caFile: /etc/prom-certs/root-cert.pem - certFile: /etc/prom-certs/cert-chain.pem - keyFile: /etc/prom-certs/key.pem - insecureSkipVerify: true - - name: exempt + - name: istio-certs + default: true + tlsConfig: + caFile: /etc/prom-certs/root-cert.pem + certFile: /etc/prom-certs/cert-chain.pem + keyFile: /etc/prom-certs/key.pem + insecureSkipVerify: true + - name: exempt podMetadata: annotations: proxy.istio.io/config: | diff --git a/src/test/app-tenant.yaml b/src/test/app-tenant.yaml index 9b3626001..a16e89349 100644 --- a/src/test/app-tenant.yaml +++ b/src/test/app-tenant.yaml @@ -19,8 +19,8 @@ metadata: namespace: test-tenant-app spec: podMetricsEndpoints: - - path: /metrics - port: service + - path: /metrics + port: service scrapeClass: istio-certs selector: matchLabels: @@ -33,8 +33,8 @@ metadata: namespace: test-tenant-app spec: podMetricsEndpoints: - - path: /metrics - port: service + - path: /metrics + port: service scrapeClass: exempt selector: matchLabels: 
From dbfb30a96f046c3e3fc3852b7028786280d16135 Mon Sep 17 00:00:00 2001 From: Zachariah Miller Date: Thu, 27 Jun 2024 18:55:13 -0400 Subject: [PATCH 07/19] missed a trailing space --- src/prometheus-stack/values/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/prometheus-stack/values/values.yaml b/src/prometheus-stack/values/values.yaml index d45f495fc..fe6f21d26 100644 --- a/src/prometheus-stack/values/values.yaml +++ b/src/prometheus-stack/values/values.yaml @@ -25,7 +25,7 @@ prometheus: enableFeatures: - remote-write-receiver additionalConfig: - scrapeClasses: + scrapeClasses: - name: istio-certs default: true tlsConfig: From 1f4a50f738e615b4ffd852271f3f032d35393635 Mon Sep 17 00:00:00 2001 From: zamaz <71521611+zachariahmiller@users.noreply.github.com> Date: Fri, 28 Jun 2024 11:50:37 -0400 Subject: [PATCH 08/19] patch for pepr-system resource helm metadata on upgrade --- src/pepr/zarf.yaml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/src/pepr/zarf.yaml b/src/pepr/zarf.yaml index c692e95df..8734a8394 100644 --- a/src/pepr/zarf.yaml +++ b/src/pepr/zarf.yaml 
@@ -9,3 +9,21 @@ components: import: path: ../../dist name: module + # This is temporary onDeploy action to update the mhelm metadata from zarf to the pepr chart that can be removed in a later release + actions: + onDeploy: + before: + - cmd: ./zarf tools kubectl annotate secret -n pepr-system pepr-uds-core-api-token meta.helm.sh/release-name=module --overwrite || true + - cmd: ./zarf tools kubectl annotate secret -n pepr-system pepr-uds-core-module meta.helm.sh/release-name=module --overwrite || true + - cmd: ./zarf tools kubectl annotate secret -n pepr-system pepr-uds-core-tls meta.helm.sh/release-name=module --overwrite || true + - cmd: ./zarf tools kubectl annotate serviceaccount -n pepr-system pepr-uds-core meta.helm.sh/release-name=module --overwrite || true + - cmd: ./zarf tools kubectl annotate clusterrolebinding -n pepr-system pepr-uds-core meta.helm.sh/release-name=module --overwrite || true + - cmd: ./zarf tools kubectl annotate clusterrole -n pepr-system pepr-uds-core meta.helm.sh/release-name=module --overwrite || true + - cmd: ./zarf tools kubectl annotate role -n pepr-system pepr-uds-core-store meta.helm.sh/release-name=module --overwrite || true + - cmd: ./zarf tools kubectl annotate rolebinding -n pepr-system pepr-uds-core-store meta.helm.sh/release-name=module --overwrite || true + - cmd: ./zarf tools kubectl annotate service -n pepr-system pepr-uds-core meta.helm.sh/release-name=module --overwrite || true + - cmd: ./zarf tools kubectl annotate service -n pepr-system pepr-uds-core-watcher meta.helm.sh/release-name=module --overwrite || true + - cmd: ./zarf tools kubectl annotate deployment -n pepr-system pepr-uds-core meta.helm.sh/release-name=module --overwrite || true + - cmd: ./zarf tools kubectl annotate deployment -n pepr-system pepr-uds-core-watcher meta.helm.sh/release-name=module --overwrite || true + - cmd: ./zarf tools kubectl annotate mutatingwebhookconfiguration -n pepr-system pepr-uds-core meta.helm.sh/release-name=module --overwrite 
|| true + - cmd: ./zarf tools kubectl annotate validatingwebhookconfiguration -n pepr-system pepr-uds-core meta.helm.sh/release-name=module --overwrite || true \ No newline at end of file From d36175257831ee621ae8b691595750574599dd11 Mon Sep 17 00:00:00 2001 From: zamaz <71521611+zachariahmiller@users.noreply.github.com> Date: Fri, 28 Jun 2024 11:51:16 -0400 Subject: [PATCH 09/19] remove ns on global resources --- src/pepr/zarf.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/pepr/zarf.yaml b/src/pepr/zarf.yaml index 8734a8394..9cde010bd 100644 --- a/src/pepr/zarf.yaml +++ b/src/pepr/zarf.yaml @@ -17,8 +17,8 @@ components: - cmd: ./zarf tools kubectl annotate secret -n pepr-system pepr-uds-core-module meta.helm.sh/release-name=module --overwrite || true - cmd: ./zarf tools kubectl annotate secret -n pepr-system pepr-uds-core-tls meta.helm.sh/release-name=module --overwrite || true - cmd: ./zarf tools kubectl annotate serviceaccount -n pepr-system pepr-uds-core meta.helm.sh/release-name=module --overwrite || true - - cmd: ./zarf tools kubectl annotate clusterrolebinding -n pepr-system pepr-uds-core meta.helm.sh/release-name=module --overwrite || true - - cmd: ./zarf tools kubectl annotate clusterrole -n pepr-system pepr-uds-core meta.helm.sh/release-name=module --overwrite || true + - cmd: ./zarf tools kubectl annotate clusterrolebinding pepr-uds-core meta.helm.sh/release-name=module --overwrite || true + - cmd: ./zarf tools kubectl annotate clusterrole pepr-uds-core meta.helm.sh/release-name=module --overwrite || true - cmd: ./zarf tools kubectl annotate role -n pepr-system pepr-uds-core-store meta.helm.sh/release-name=module --overwrite || true - cmd: ./zarf tools kubectl annotate rolebinding -n pepr-system pepr-uds-core-store meta.helm.sh/release-name=module --overwrite || true - cmd: ./zarf tools kubectl annotate service -n pepr-system pepr-uds-core meta.helm.sh/release-name=module --overwrite || true 
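Review bot: Every `cmd` added under `onDeploy.before` ends in `|| true`, so an annotation that is rejected (RBAC denial, unreachable API server, mistyped resource name) is indistinguishable from the expected case where the resource does not exist yet on a fresh install. These commands touch secrets, RBAC objects and both webhook configurations, so I would tolerate only the missing-resource case and let any other failure stop the deploy, or at least surface it in the deploy output. The comment above `actions:` also has a typo ("mhelm"); suggest `# Temporary onDeploy action that re-points the Helm release-name annotation from the zarf release to the pepr chart; remove in a later release`.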
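Review bot: `mutatingwebhookconfiguration` and `validatingwebhookconfiguration` are cluster-scoped too, but their two `annotate` commands at the end of the list (outside this hunk) still pass `-n pepr-system`. As far as I know kubectl ignores the namespace flag for cluster-scoped kinds, so this is a consistency point rather than a failure. Dropping `-n pepr-system` from those two lines would finish what this commit starts for `clusterrole` and `clusterrolebinding`.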
From cd8879d0b5a9915cc5deac8389eff95529c28d86 Mon Sep 17 00:00:00 2001 From: zamaz <71521611+zachariahmiller@users.noreply.github.com> Date: Fri, 28 Jun 2024 11:53:21 -0400 Subject: [PATCH 10/19] lint fix --- src/pepr/zarf.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/pepr/zarf.yaml b/src/pepr/zarf.yaml index 9cde010bd..6765b1bb8 100644 --- a/src/pepr/zarf.yaml +++ b/src/pepr/zarf.yaml @@ -26,4 +26,4 @@ components: - cmd: ./zarf tools kubectl annotate deployment -n pepr-system pepr-uds-core meta.helm.sh/release-name=module --overwrite || true - cmd: ./zarf tools kubectl annotate deployment -n pepr-system pepr-uds-core-watcher meta.helm.sh/release-name=module --overwrite || true - cmd: ./zarf tools kubectl annotate mutatingwebhookconfiguration -n pepr-system pepr-uds-core meta.helm.sh/release-name=module --overwrite || true - - cmd: ./zarf tools kubectl annotate validatingwebhookconfiguration -n pepr-system pepr-uds-core meta.helm.sh/release-name=module --overwrite || true \ No newline at end of file + - cmd: ./zarf tools kubectl annotate validatingwebhookconfiguration -n pepr-system pepr-uds-core meta.helm.sh/release-name=module --overwrite || true From 8bf421506fec44e985e758f00105b1be56c300c8 Mon Sep 17 00:00:00 2001 From: zamaz <71521611+zachariahmiller@users.noreply.github.com> Date: Fri, 28 Jun 2024 16:15:37 -0400 Subject: [PATCH 11/19] initial pass at doc updates --- docs/configuration/uds-monitoring-metrics.md | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/docs/configuration/uds-monitoring-metrics.md b/docs/configuration/uds-monitoring-metrics.md index 5274d3225..098a66dec 100644 --- a/docs/configuration/uds-monitoring-metrics.md +++ b/docs/configuration/uds-monitoring-metrics.md 
@@ -4,10 +4,12 @@ type: docs weight: 1 --- -UDS Core leverages Pepr to handle setup of Prometheus scraping metrics endpoints, with the particular configuration necessary to work in a STRICT mTLS (Istio) environment. We handle this with both mutations of existing service monitors and generation of service monitors via the `Package` CR. +UDS Core leverages Pepr to handle setup of Prometheus scraping metrics endpoints, with the particular configuration necessary to work in a STRICT mTLS (Istio) environment. We handle this via a default scrapeClass in prometheus to handle the istio certs as well as with both mutations of existing service monitors and generation of service monitors via the `Package` CR when a monitor needs to be exempt from that tlsConfig. ## Mutations +Note: The below implementation has been deprecated in favor of a default `scrapeClass` with the file-based `tlsConfig` required for istio mTLS in prometheus automatically, supplemented with a mutation of `scrapeClass: exempt` that exempts monitors from the `tlsConfig` required for istio if the destination namespace is not istio injected (e.g. kube-system), unless the `uds/skip-sm-mutate` annotation is specified. The mutation behavior stated in the paragraph immediately below this section will be removed in a later release. + All service monitors are mutated to set the scrape scheme to HTTPS and set the TLS Config to what is required for Istio mTLS scraping (see [this doc](https://istio.io/latest/docs/ops/integrations/prometheus/#tls-settings) for details). Beyond this, no other fields are mutated. Supporting existing service monitors is useful since some charts include service monitors by default with more advanced configurations, and it is in our best interest to enable those and use them where possible. Assumptions are made about STRICT mTLS here for simplicity, based on the `istio-injection` namespace label. 
Without making these assumptions we would need to query `PeerAuthentication` resources or another resource to determine the exact workload mTLS posture. @@ -16,7 +18,7 @@ Note: This mutation is the default behavior for all service monitors but can be ## Package CR `monitor` field -UDS Core also supports generating service monitors from the `monitor` list in the `Package` spec. Charts do not always support service monitors, so generating them can be useful. This also provides a simplified way for other users to create service monitors, similar to the way we handle `VirtualServices` today. A full example of this can be seen below: +UDS Core also supports generating `ServiceMonitors` and/or `PodMonitors` from the `monitor` list in the `Package` spec. Charts do not always support monitors, so generating them can be useful. This also provides a simplified way for other users to create monitors, similar to the way we handle `VirtualServices` today. A full example of this can be seen below: ```yaml ... @@ -28,9 +30,16 @@ spec: targetPort: 1234 # Corresponding target port on the pod/container (for network policy) # Optional properties depending on your application description: "Metrics" # Add to customize the service monitor name + kind: ServiceMonitor # optional, kind defaults to service monitor if not specified. PodMonitor is the other valid option. podSelector: # Add if pod labels are different than `selector` (for network policy) app: barfoo path: "/mymetrics" # Add if metrics are exposed on a different path than "/metrics" + authorization: # Add if authorization is required for the metrics endpoint + credentials: + key: "example-key" + name: "example-secret" + optional: false + type: "Bearer" ``` This config is used to generate service monitors and corresponding network policies to setup scraping for your applications. The `ServiceMonitor`s will go through the mutation process to add `tlsConfig` and `scheme` to work in an istio environment. 
From 9a54717befd12147372d55f6d63d5bc080471fb3 Mon Sep 17 00:00:00 2001 From: zamaz <71521611+zachariahmiller@users.noreply.github.com> Date: Tue, 9 Jul 2024 14:27:12 -0400 Subject: [PATCH 12/19] Update docs/configuration/uds-monitoring-metrics.md Co-authored-by: Micah Nagel --- docs/configuration/uds-monitoring-metrics.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuration/uds-monitoring-metrics.md b/docs/configuration/uds-monitoring-metrics.md index 098a66dec..bad32a6fa 100644 --- a/docs/configuration/uds-monitoring-metrics.md +++ b/docs/configuration/uds-monitoring-metrics.md @@ -4,7 +4,7 @@ type: docs weight: 1 --- -UDS Core leverages Pepr to handle setup of Prometheus scraping metrics endpoints, with the particular configuration necessary to work in a STRICT mTLS (Istio) environment. We handle this via a default scrapeClass in prometheus to handle the istio certs as well as with both mutations of existing service monitors and generation of service monitors via the `Package` CR when a monitor needs to be exempt from that tlsConfig. +UDS Core leverages Pepr to handle setup of Prometheus scraping metrics endpoints, with the particular configuration necessary to work in a STRICT mTLS (Istio) environment. We handle this via a default scrapeClass in prometheus to add the istio certs. When a monitor needs to be exempt from that tlsConfig a mutation is performed to leverage a plain scrape class without istio certs. ## Mutations From 177b33850e780f019a37017090ba9619a1d60354 Mon Sep 17 00:00:00 2001 
From: Zachariah Miller Date: Wed, 10 Jul 2024 15:06:12 -0400 Subject: [PATCH 13/19] refactor --- .../controllers/monitoring/pod-monitor.ts | 22 +++++++++++-------- .../controllers/monitoring/service-monitor.ts | 10 ++++----- .../crd/generated/package-v1alpha1.ts | 11 +++++++++- src/pepr/operator/crd/index.ts | 13 +++++++++-- .../operator/crd/sources/package/v1alpha1.ts | 1 + .../reconcilers/package-reconciler.ts | 14 +++--------- src/pepr/prometheus/index.ts | 14 +++++++----- 7 files changed, 52 insertions(+), 33 deletions(-) diff --git a/src/pepr/operator/controllers/monitoring/pod-monitor.ts b/src/pepr/operator/controllers/monitoring/pod-monitor.ts index 2b7143d00..a57c66843 100644 --- a/src/pepr/operator/controllers/monitoring/pod-monitor.ts +++ b/src/pepr/operator/controllers/monitoring/pod-monitor.ts @@ -1,9 +1,13 @@ import { V1OwnerReference } from "@kubernetes/client-node"; -import { K8s, Log } from "pepr"; +import { K8s } from "pepr"; +import { Component, setupLogger } from "../../../logger"; import { Monitor, PrometheusPodMonitor, UDSPackage } from "../../crd"; import { getOwnerRef } from "../utils"; import { generateMonitorName } from "./common"; +// configure subproject logger +const log = setupLogger(Component.OPERATOR_MONITORING); + /** * Generate a pod monitor for a pod * 
@@ -15,30 +19,30 @@ export async function podMonitor(pkg: UDSPackage, namespace: string) { const generation = (pkg.metadata?.generation ?? 0).toString(); const ownerRefs = getOwnerRef(pkg); - Log.debug(`Reconciling PodMonitors for ${pkgName}`); + log.debug(`Reconciling PodMonitors for ${pkgName}`); // Get the list of monitored services const monitorList = pkg.spec?.monitor ?? []; // Create a list of generated PodMonitors - const payloads: PrometheusPodMonitor.PodMonitor[] = []; + const payloads: PrometheusPodMonitor[] = []; try { for (const monitor of monitorList) { if (monitor.kind === "PodMonitor") { const payload = generatePodMonitor(monitor, namespace, pkgName, generation, ownerRefs); - Log.debug(payload, `Applying PodMonitor ${payload.metadata?.name}`); + log.debug(payload, `Applying PodMonitor ${payload.metadata?.name}`); // Apply the PodMonitor and force overwrite any existing policy - await K8s(PrometheusPodMonitor.PodMonitor).Apply(payload, { force: true }); + await K8s(PrometheusPodMonitor).Apply(payload, { force: true }); payloads.push(payload); } } // Get all related PodMonitors in the namespace - const podMonitors = await K8s(PrometheusPodMonitor.PodMonitor) + const podMonitors = await K8s(PrometheusPodMonitor) .InNamespace(namespace) .WithLabel("uds/package", pkgName) .Get(); @@ -50,8 +54,8 @@ export async function podMonitor(pkg: UDSPackage, namespace: string) { // Delete any orphaned PodMonitors for (const m of orphanedMonitor) { - Log.debug(m, `Deleting orphaned PodMonitor ${m.metadata!.name}`); - await K8s(PrometheusPodMonitor.PodMonitor).Delete(m); + log.debug(m, `Deleting orphaned PodMonitor ${m.metadata!.name}`); + await K8s(PrometheusPodMonitor).Delete(m); } } catch (err) { throw new Error(`Failed to process PodMonitors for ${pkgName}, cause: ${JSON.stringify(err)}`); 
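Review bot: The `catch` in the `@@ -50,8 +54,8 @@` hunk builds its message with `JSON.stringify(err)`, which turns a plain `Error` into `{}` because `message` and `stack` are not enumerable, so the reason for a failed Apply or Delete can disappear from the rethrown error. Computing `const cause = err instanceof Error ? err.message : JSON.stringify(err);` before the `throw` keeps both error shapes readable. The `catch` in `serviceMonitor` (service-monitor.ts, hunk `@@ -56,7 +56,7 @@`) is cut off after `throw new Error(` and may share the pattern, so it is worth checking. `podMonitor` continues past the end of this hunk.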
@@ -70,7 +74,7 @@ export function generatePodMonitor( ) { const { selector, portName } = monitor; const name = generateMonitorName(pkgName, monitor); - const payload: PrometheusPodMonitor.PodMonitor = { + const payload: PrometheusPodMonitor = { metadata: { name, namespace, diff --git a/src/pepr/operator/controllers/monitoring/service-monitor.ts b/src/pepr/operator/controllers/monitoring/service-monitor.ts index 13995bdd6..d5bdf1d72 100644 --- a/src/pepr/operator/controllers/monitoring/service-monitor.ts +++ b/src/pepr/operator/controllers/monitoring/service-monitor.ts @@ -26,7 +26,7 @@ export async function serviceMonitor(pkg: UDSPackage, namespace: string) { const monitorList = pkg.spec?.monitor ?? []; // Create a list of generated ServiceMonitors - const payloads: PrometheusServiceMonitor.ServiceMonitor[] = []; + const payloads: PrometheusServiceMonitor[] = []; try { for (const monitor of monitorList) { @@ -36,14 +36,14 @@ export async function serviceMonitor(pkg: UDSPackage, namespace: string) { log.debug(payload, `Applying ServiceMonitor ${payload.metadata?.name}`); // Apply the ServiceMonitor and force overwrite any existing policy - await K8s(PrometheusServiceMonitor.ServiceMonitor).Apply(payload, { force: true }); + await K8s(PrometheusServiceMonitor).Apply(payload, { force: true }); payloads.push(payload); } } // Get all related ServiceMonitors in the namespace - const serviceMonitors = await K8s(PrometheusServiceMonitor.ServiceMonitor) + const serviceMonitors = await K8s(PrometheusServiceMonitor) .InNamespace(namespace) .WithLabel("uds/package", pkgName) .Get(); @@ -56,7 +56,7 @@ export async function serviceMonitor(pkg: UDSPackage, namespace: string) { // Delete any orphaned ServiceMonitors for (const m of orphanedMonitor) { log.debug(m, `Deleting orphaned ServiceMonitor ${m.metadata!.name}`); - await K8s(PrometheusServiceMonitor.ServiceMonitor).Delete(m); + await K8s(PrometheusServiceMonitor).Delete(m); } } catch (err) { throw new Error( 
@@ -77,7 +77,7 @@ export function generateServiceMonitor( ) { const { selector, portName } = monitor; const name = generateMonitorName(pkgName, monitor); - const payload: PrometheusServiceMonitor.ServiceMonitor = { + const payload: PrometheusServiceMonitor = { metadata: { name, namespace, diff --git a/src/pepr/operator/crd/generated/package-v1alpha1.ts b/src/pepr/operator/crd/generated/package-v1alpha1.ts index c474457ff..e413bcf65 100644 --- a/src/pepr/operator/crd/generated/package-v1alpha1.ts +++ b/src/pepr/operator/crd/generated/package-v1alpha1.ts @@ -35,7 +35,7 @@ export interface Monitor { * The type of monitor to create; PodMonitor or ServiceMonitor. ServiceMonitor is the * default. */ - kind?: string; + kind?: Kind; /** * HTTP path from which to scrape for metrics, defaults to `/metrics` */ @@ -96,6 +96,15 @@ export interface Credentials { optional?: boolean; } +/** + * The type of monitor to create; PodMonitor or ServiceMonitor. ServiceMonitor is the + * default. + */ +export enum Kind { + PodMonitor = "PodMonitor", + ServiceMonitor = "ServiceMonitor", +} + /** * Network configuration for the package */ diff --git a/src/pepr/operator/crd/index.ts b/src/pepr/operator/crd/index.ts index a7e5e9bdb..62c731470 100644 --- a/src/pepr/operator/crd/index.ts +++ b/src/pepr/operator/crd/index.ts 
@@ -33,5 +33,14 @@ export { ServiceEntry as IstioServiceEntry, } from "./generated/istio/serviceentry-v1beta1"; -export * as PrometheusPodMonitor from "./generated/prometheus/podmonitor-v1"; -export * as PrometheusServiceMonitor from "./generated/prometheus/servicemonitor-v1"; +// export * as PrometheusPodMonitor from "./generated/prometheus/podmonitor-v1"; +// export * as PrometheusServiceMonitor from "./generated/prometheus/servicemonitor-v1"; +export { + Scheme as PodMonitorScheme, + PodMonitor as PrometheusPodMonitor, +} from "./generated/prometheus/podmonitor-v1"; +export { + ServiceMonitor as PrometheusServiceMonitor, + Endpoint as ServiceMonitorEndpoint, + Scheme as ServiceMonitorScheme, +} from "./generated/prometheus/servicemonitor-v1"; diff --git a/src/pepr/operator/crd/sources/package/v1alpha1.ts b/src/pepr/operator/crd/sources/package/v1alpha1.ts index 005c196ce..6bc81e2e3 100644 --- a/src/pepr/operator/crd/sources/package/v1alpha1.ts +++ b/src/pepr/operator/crd/sources/package/v1alpha1.ts @@ -239,6 +239,7 @@ const monitor = { kind: { description: "The type of monitor to create; PodMonitor or ServiceMonitor. ServiceMonitor is the default.", + enum: ["PodMonitor", "ServiceMonitor"], type: "string", }, authorization: AuthorizationSchema, diff --git a/src/pepr/operator/reconcilers/package-reconciler.ts b/src/pepr/operator/reconcilers/package-reconciler.ts index 62a576402..b14d0c534 100644 --- a/src/pepr/operator/reconcilers/package-reconciler.ts +++ b/src/pepr/operator/reconcilers/package-reconciler.ts 
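Review bot: The two namespace re-exports are left behind as comments (`// export * as PrometheusPodMonitor …` and `// export * as PrometheusServiceMonitor …`) directly above the named exports that replace them. I would delete both lines instead of commenting them out. Version control already keeps the old form, and a commented-out export that shares a name with a live one makes it unclear which shape of `PrometheusPodMonitor` callers receive.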
@@ -51,18 +51,10 @@ export async function packageReconciler(pkg: UDSPackage) { endpoints = await istioResources(pkg, namespace!); // Only configure the ServiceMonitors if not running in single test mode - let monitors: string[] = []; + const monitors: string[] = []; if (!UDSConfig.isSingleTest) { - if (pkg.spec?.monitor) { - for (const monitor of pkg.spec.monitor) { - const monitorKind = monitor.kind || "ServiceMonitor"; // Default to "ServiceMonitor" if kind is undefined - if (monitorKind === "PodMonitor") { - monitors = await podMonitor(pkg, namespace!); - } else if (monitorKind === "ServiceMonitor") { - monitors = await serviceMonitor(pkg, namespace!); - } - } - } + monitors.push(...(await podMonitor(pkg, namespace!))); + monitors.push(...(await serviceMonitor(pkg, namespace!))); } else { log.warn(`Running in single test mode, skipping ${name} Monitors.`); } diff --git a/src/pepr/prometheus/index.ts b/src/pepr/prometheus/index.ts index d4a77b1a8..04886748f 100644 --- a/src/pepr/prometheus/index.ts +++ b/src/pepr/prometheus/index.ts @@ -1,6 +1,10 @@ import { Capability, K8s, kind } from "pepr"; import { Component, setupLogger } from "../logger"; -import { PrometheusServiceMonitor } from "../operator/crd"; +import { + PrometheusServiceMonitor, + ServiceMonitorEndpoint, + ServiceMonitorScheme, +} from "../operator/crd"; // configure subproject logger const log = setupLogger(Component.PROMETHEUS); @@ -15,7 +19,7 @@ const { When } = prometheus; /** * Mutate a service monitor to enable mTLS metrics */ -When(PrometheusServiceMonitor.ServiceMonitor) +When(PrometheusServiceMonitor) .IsCreatedOrUpdated() .Mutate(async sm => { // Provide an opt-out of mutation to handle complicated scenarios 
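Review bot: The comment above `const monitors` still reads `// Only configure the ServiceMonitors if not running in single test mode`, although the block now reconciles PodMonitors as well; suggest `// Only configure the PodMonitors and ServiceMonitors if not running in single test mode`. The two calls also run in sequence, so an exception from `podMonitor` skips `serviceMonitor` for that reconcile. If that is intended, a one-line comment saying so would help the next reader. `packageReconciler` begins and ends outside this hunk.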
@@ -46,9 +50,9 @@ When(PrometheusServiceMonitor.ServiceMonitor) keyFile: "/etc/prom-certs/key.pem", insecureSkipVerify: true, }; - const endpoints: PrometheusServiceMonitor.Endpoint[] = sm.Raw.spec.endpoints; + const endpoints: ServiceMonitorEndpoint[] = sm.Raw.spec.endpoints; endpoints.forEach(endpoint => { - endpoint.scheme = PrometheusServiceMonitor.Scheme.HTTPS; + endpoint.scheme = ServiceMonitorScheme.HTTPS; endpoint.tlsConfig = tlsConfig; }); sm.Raw.spec.endpoints = endpoints; @@ -63,7 +67,7 @@ When(PrometheusServiceMonitor.ServiceMonitor) } }); -async function isIstioInjected(sm: PrometheusServiceMonitor.ServiceMonitor) { +async function isIstioInjected(sm: PrometheusServiceMonitor) { const namespaces = sm.Raw.spec?.namespaceSelector?.matchNames || [sm.Raw.metadata?.namespace] || [ "default", ]; From dd9d11cb04a7ad9bbbcc0bbf30c3be84fc89c57e Mon Sep 17 00:00:00 2001 From: Zachariah Miller Date: Wed, 10 Jul 2024 15:39:59 -0400 Subject: [PATCH 14/19] update conditional checks --- src/pepr/operator/controllers/monitoring/pod-monitor.ts | 3 ++- src/pepr/operator/controllers/monitoring/service-monitor.ts | 5 +++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/src/pepr/operator/controllers/monitoring/pod-monitor.ts b/src/pepr/operator/controllers/monitoring/pod-monitor.ts index a57c66843..2ac1c2e11 100644 --- a/src/pepr/operator/controllers/monitoring/pod-monitor.ts +++ b/src/pepr/operator/controllers/monitoring/pod-monitor.ts @@ -2,6 +2,7 @@ import { V1OwnerReference } from "@kubernetes/client-node"; import { K8s } from "pepr"; import { Component, setupLogger } from "../../../logger"; import { Monitor, PrometheusPodMonitor, UDSPackage } from "../../crd"; +import { Kind } from "../../crd/generated/package-v1alpha1"; import { getOwnerRef } from "../utils"; import { generateMonitorName } from "./common"; 
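Review bot: The `tlsConfig` assigned to every endpoint in the `@@ -46,9 +50,9 @@` hunk keeps `insecureSkipVerify: true` with no explanation, and that flag is the first thing a security review of this mutation will ask about. If it follows the Istio Prometheus integration guidance (Prometheus cannot verify Istio's workload identity naming, and the mesh still enforces mTLS on the connection), a comment such as `// insecureSkipVerify: Prometheus cannot verify Istio workload identities; mTLS is still enforced by the mesh` above the object would record that. Please confirm the reasoning before adding it. The `tlsConfig` literal starts outside this hunk.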
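Review bot: In `isIstioInjected` the fallback chain `matchNames || [sm.Raw.metadata?.namespace] || ["default"]` can never reach `["default"]`, because an array literal is always truthy; a monitor without a namespace yields `[undefined]` instead. The result presumably decides whether the monitor is treated as mesh-injected, so I would make the fallback explicit: `const namespaces = sm.Raw.spec?.namespaceSelector?.matchNames ?? [sm.Raw.metadata?.namespace ?? "default"];`. The function body continues past this hunk, so how `namespaces` is consumed is not visible here.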
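Review bot: `Kind` is imported directly from `../../crd/generated/package-v1alpha1`, while the other CRD types in this file come through the `../../crd` index, and the bare name `Kind` is easy to confuse with the `kind` export from `pepr` used elsewhere in the module. Unless the index already exports it, I would re-export it there under a specific name, in the style of `Scheme as PodMonitorScheme` (for example `Kind as MonitorKind`), and import that. service-monitor.ts receives the same deep import in this commit.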
@@ -29,7 +30,7 @@ export async function podMonitor(pkg: UDSPackage, namespace: string) { try { for (const monitor of monitorList) { - if (monitor.kind === "PodMonitor") { + if (monitor.kind === Kind.PodMonitor) { const payload = generatePodMonitor(monitor, namespace, pkgName, generation, ownerRefs); log.debug(payload, `Applying PodMonitor ${payload.metadata?.name}`); diff --git a/src/pepr/operator/controllers/monitoring/service-monitor.ts b/src/pepr/operator/controllers/monitoring/service-monitor.ts index d5bdf1d72..f8a2c4ebe 100644 --- a/src/pepr/operator/controllers/monitoring/service-monitor.ts +++ b/src/pepr/operator/controllers/monitoring/service-monitor.ts @@ -2,7 +2,8 @@ import { K8s } from "pepr"; import { V1OwnerReference } from "@kubernetes/client-node"; import { Component, setupLogger } from "../../../logger"; -import { Monitor, PrometheusServiceMonitor, UDSPackage } from "../../crd"; +import { Monitor, PrometheusServiceMonitor, UDSPackage, } from "../../crd"; +import { Kind } from "../../crd/generated/package-v1alpha1"; import { getOwnerRef } from "../utils"; import { generateMonitorName } from "./common"; @@ -30,7 +31,7 @@ export async function serviceMonitor(pkg: UDSPackage, namespace: string) { try { for (const monitor of monitorList) { - if (monitor.kind !== "PodMonitor") { + if (monitor.kind !== Kind.PodMonitor) { const payload = generateServiceMonitor(monitor, namespace, pkgName, generation, ownerRefs); log.debug(payload, `Applying ServiceMonitor ${payload.metadata?.name}`); From 06d0449174abef6cce71c9ee6f147e74936e0daa Mon Sep 17 00:00:00 2001 From: Zachariah Miller Date: Wed, 10 Jul 2024 16:19:36 -0400 Subject: [PATCH 15/19] pepr format --- src/pepr/operator/controllers/monitoring/service-monitor.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/pepr/operator/controllers/monitoring/service-monitor.ts b/src/pepr/operator/controllers/monitoring/service-monitor.ts index f8a2c4ebe..641c9e86c 100644 
--- a/src/pepr/operator/controllers/monitoring/service-monitor.ts +++ b/src/pepr/operator/controllers/monitoring/service-monitor.ts @@ -2,7 +2,7 @@ import { K8s } from "pepr"; import { V1OwnerReference } from "@kubernetes/client-node"; import { Component, setupLogger } from "../../../logger"; -import { Monitor, PrometheusServiceMonitor, UDSPackage, } from "../../crd"; +import { Monitor, PrometheusServiceMonitor, UDSPackage } from "../../crd"; import { Kind } from "../../crd/generated/package-v1alpha1"; import { getOwnerRef } from "../utils"; import { generateMonitorName } from "./common"; From b9d78dfdeb227ff5e411fb7a59d6fd2a469f5bbe Mon Sep 17 00:00:00 2001 From: zamaz <71521611+zachariahmiller@users.noreply.github.com> Date: Thu, 11 Jul 2024 14:23:40 -0400 Subject: [PATCH 16/19] fix issue from merge conflict resolution --- src/pepr/operator/crd/index.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/pepr/operator/crd/index.ts b/src/pepr/operator/crd/index.ts index 5282b4493..4695b2e21 100644 --- a/src/pepr/operator/crd/index.ts +++ b/src/pepr/operator/crd/index.ts @@ -49,4 +49,4 @@ export { AuthorizationPolicy as IstioAuthorizationPolicy, } from "./generated/istio/authorizationpolicy-v1beta1"; export { RequestAuthentication as IstioRequestAuthentication } from "./generated/istio/requestauthentication-v1"; -export * as Prometheus from "./generated/prometheus/servicemonitor-v1"; + From acd6403da6d4709336856f1234ae86eed2b1f5c8 Mon Sep 17 00:00:00 2001 From: Zachariah Miller Date: Thu, 11 Jul 2024 14:26:49 -0400 Subject: [PATCH 17/19] lint fix --- src/pepr/operator/crd/index.ts | 1 - 1 file changed, 1 deletion(-) diff --git a/src/pepr/operator/crd/index.ts b/src/pepr/operator/crd/index.ts index 4695b2e21..d92e14d2a 100644 --- a/src/pepr/operator/crd/index.ts +++ b/src/pepr/operator/crd/index.ts 
@@ -49,4 +49,3 @@ export { AuthorizationPolicy as IstioAuthorizationPolicy, } from "./generated/istio/authorizationpolicy-v1beta1"; export { RequestAuthentication as IstioRequestAuthentication } from "./generated/istio/requestauthentication-v1"; - From 7d557a4fec43b9fd6d3b8bc9f3b684e63385b7ac Mon Sep 17 00:00:00 2001 From: zamaz <71521611+zachariahmiller@users.noreply.github.com> Date: Thu, 11 Jul 2024 15:07:28 -0400 Subject: [PATCH 18/19] fix typo in metrics service monitor yaml --- src/metrics-server/chart/templates/service-monitor.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/metrics-server/chart/templates/service-monitor.yaml b/src/metrics-server/chart/templates/service-monitor.yaml index d7c603693..390875164 100644 --- a/src/metrics-server/chart/templates/service-monitor.yaml +++ b/src/metrics-server/chart/templates/service-monitor.yaml @@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: - annotation: + annotations: uds/skip-sm-mutate: "true" name: metrics-server-metrics namespace: metrics-server From 3d4c57a715dbbfc91d6fde480c66477e988c53c3 Mon Sep 17 00:00:00 2001 From: Zachariah Miller Date: Thu, 11 Jul 2024 16:06:40 -0400 Subject: [PATCH 19/19] remove pepr conversion to chart due to extra env issue --- packages/slim-dev/zarf.yaml | 2 +- packages/standard/zarf.yaml | 2 +- src/pepr/values/values.yaml | 25 ------------------------- src/pepr/zarf.yaml | 29 ----------------------------- tasks/create.yaml | 2 +- 5 files changed, 3 insertions(+), 57 deletions(-) delete mode 100644 src/pepr/values/values.yaml delete mode 100644 src/pepr/zarf.yaml diff --git a/packages/slim-dev/zarf.yaml b/packages/slim-dev/zarf.yaml index 9e37e1119..c7f0e40a4 100644 --- a/packages/slim-dev/zarf.yaml +++ b/packages/slim-dev/zarf.yaml @@ -44,7 +44,7 @@ components: - name: pepr-uds-core required: true import: - path: ../../src/pepr + path: ../../dist name: module # Keycloak 
diff --git a/packages/standard/zarf.yaml b/packages/standard/zarf.yaml index b1bbdf2fb..196275fd3 100644 --- a/packages/standard/zarf.yaml +++ b/packages/standard/zarf.yaml @@ -44,7 +44,7 @@ components: - name: pepr-uds-core required: true import: - path: ../../src/pepr + path: ../../dist name: module # Metrics Server diff --git a/src/pepr/values/values.yaml b/src/pepr/values/values.yaml deleted file mode 100644 index 0f0196c7b..000000000 --- a/src/pepr/values/values.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# admission: -# terminationGracePeriodSeconds: 5 -# failurePolicy: 'Fail' -# env: -# - name: 'PEPR_WATCH_MODE' -# value: 'false' -# - name: 'PEPR_PRETTY_LOG' -# value: 'false' -# - name: 'LOG_LEVEL' -# value: 'info' -# watcher: -# env: -# - name: 'PEPR_WATCH_MODE' -# value: 'true' -# - name: 'PEPR_PRETTY_LOG' -# value: 'false' -# - name: 'LOG_LEVEL' -# value: 'info' -# resources: -# requests: -# memory: '64Mi' -# cpu: '100m' -# limits: -# memory: '256Mi' -# cpu: '500m' diff --git a/src/pepr/zarf.yaml b/src/pepr/zarf.yaml deleted file mode 100644 index 6765b1bb8..000000000 --- a/src/pepr/zarf.yaml +++ /dev/null 
@@ -1,29 +0,0 @@ -kind: ZarfPackageConfig -metadata: - name: pepr-uds-core - description: 'Pepr Module: A collection of capabilities for UDS Core' - url: https://github.com/defenseunicorns/pepr -components: - - name: module - required: true - import: - path: ../../dist - name: module - # This is temporary onDeploy action to update the mhelm metadata from zarf to the pepr chart that can be removed in a later release - actions: - onDeploy: - before: - - cmd: ./zarf tools kubectl annotate secret -n pepr-system pepr-uds-core-api-token meta.helm.sh/release-name=module --overwrite || true - - cmd: ./zarf tools kubectl annotate secret -n pepr-system pepr-uds-core-module meta.helm.sh/release-name=module --overwrite || true - - cmd: ./zarf tools kubectl annotate secret -n pepr-system pepr-uds-core-tls meta.helm.sh/release-name=module --overwrite || true - - cmd: ./zarf tools kubectl annotate serviceaccount -n pepr-system pepr-uds-core meta.helm.sh/release-name=module --overwrite || true - - cmd: ./zarf tools kubectl annotate clusterrolebinding pepr-uds-core meta.helm.sh/release-name=module --overwrite || true - - cmd: ./zarf tools kubectl annotate clusterrole pepr-uds-core meta.helm.sh/release-name=module --overwrite || true - - cmd: ./zarf tools kubectl annotate role -n pepr-system pepr-uds-core-store meta.helm.sh/release-name=module --overwrite || true - - cmd: ./zarf tools kubectl annotate rolebinding -n pepr-system pepr-uds-core-store meta.helm.sh/release-name=module --overwrite || true - - cmd: ./zarf tools kubectl annotate service -n pepr-system pepr-uds-core meta.helm.sh/release-name=module --overwrite || true - - cmd: ./zarf tools kubectl annotate service -n pepr-system pepr-uds-core-watcher meta.helm.sh/release-name=module --overwrite || true - - cmd: ./zarf tools kubectl annotate deployment -n pepr-system pepr-uds-core meta.helm.sh/release-name=module --overwrite || true - - cmd: ./zarf tools kubectl annotate deployment -n pepr-system pepr-uds-core-watcher 
meta.helm.sh/release-name=module --overwrite || true - - cmd: ./zarf tools kubectl annotate mutatingwebhookconfiguration -n pepr-system pepr-uds-core meta.helm.sh/release-name=module --overwrite || true - - cmd: ./zarf tools kubectl annotate validatingwebhookconfiguration -n pepr-system pepr-uds-core meta.helm.sh/release-name=module --overwrite || true diff --git a/tasks/create.yaml b/tasks/create.yaml index f777d6250..93e8f198a 100644 --- a/tasks/create.yaml +++ b/tasks/create.yaml @@ -63,4 +63,4 @@ tasks: CUSTOM_PEPR_IMAGE=$( [ "${FLAVOR}" = "registry1" ] && echo "--custom-image ${REGISTRY1_PEPR_IMAGE}" ) || CUSTOM_PEPR_IMAGE="" rm -fr dist npm ci - npx pepr build $CUSTOM_PEPR_IMAGE -z chart + npx pepr build $CUSTOM_PEPR_IMAGE