diff --git a/Documentation/api-reference/api.md b/Documentation/api-reference/api.md index c6ccb23f2..35417d7b1 100644 --- a/Documentation/api-reference/api.md +++ b/Documentation/api-reference/api.md @@ -7779,7 +7779,7 @@ string

BasicAuth

-(Appears on:APIServerConfig, AlertmanagerEndpoints, Endpoint, HTTPConfig, PodMetricsEndpoint, ProbeSpec, RemoteReadSpec, RemoteWriteSpec, AzureSDConfig, ConsulSDConfig, DockerSDConfig, DockerSwarmSDConfig, EurekaSDConfig, HTTPConfig, HTTPSDConfig, HetznerSDConfig, KubernetesSDConfig, KumaSDConfig, LightSailSDConfig, NomadSDConfig, PuppetDBSDConfig, ScrapeConfigSpec, HTTPConfig) +(Appears on:APIServerConfig, AlertmanagerEndpoints, Endpoint, HTTPConfig, ProbeSpec, RemoteReadSpec, RemoteWriteSpec, AzureSDConfig, ConsulSDConfig, DockerSDConfig, DockerSwarmSDConfig, EurekaSDConfig, HTTPConfig, HTTPSDConfig, HetznerSDConfig, KubernetesSDConfig, KumaSDConfig, LightSailSDConfig, NomadSDConfig, PuppetDBSDConfig, ScrapeConfigSpec, HTTPConfig)

BasicAuth configures HTTP Basic Authentication settings.

@@ -11196,7 +11196,7 @@ Examples: 45ms, 30s, 1m, 1h20m15sHTTPConfig

-(Appears on:AlertmanagerGlobalConfig) +(Appears on:AlertmanagerGlobalConfig, PodMetricsEndpoint)

HTTPConfig defines the configuration for the HTTP client.

@@ -11749,7 +11749,7 @@ Examples: 30s, 1m, 1h20m15s, 15dOAuth2

-(Appears on:Endpoint, HTTPConfig, PodMetricsEndpoint, ProbeSpec, RemoteReadSpec, RemoteWriteSpec, AzureSDConfig, ConsulSDConfig, DigitalOceanSDConfig, DockerSDConfig, DockerSwarmSDConfig, EurekaSDConfig, HTTPConfig, HTTPSDConfig, HetznerSDConfig, IonosSDConfig, KubernetesSDConfig, KumaSDConfig, LightSailSDConfig, LinodeSDConfig, NomadSDConfig, PuppetDBSDConfig, ScrapeConfigSpec, HTTPConfig) +(Appears on:Endpoint, HTTPConfig, ProbeSpec, RemoteReadSpec, RemoteWriteSpec, AzureSDConfig, ConsulSDConfig, DigitalOceanSDConfig, DockerSDConfig, DockerSwarmSDConfig, EurekaSDConfig, HTTPConfig, HTTPSDConfig, HetznerSDConfig, IonosSDConfig, KubernetesSDConfig, KumaSDConfig, LightSailSDConfig, LinodeSDConfig, NomadSDConfig, PuppetDBSDConfig, ScrapeConfigSpec, HTTPConfig)

OAuth2 configures OAuth2 settings.

@@ -12313,37 +12313,6 @@ The value cannot be greater than the scrape interval otherwise the operator will -tlsConfig
- - -SafeTLSConfig - - - - -(Optional) -

tlsConfig defines the TLS configuration to use when scraping the target.

- - - - -bearerTokenSecret
- - -Kubernetes core/v1.SecretKeySelector - - - - -(Optional) -

bearerTokenSecret defines a key of a Secret containing the bearer -token for scraping targets. The secret needs to be in the same namespace -as the PodMonitor object and readable by the Prometheus Operator.

-

Deprecated: use authorization instead.

- - - - honorLabels
bool @@ -12385,54 +12354,6 @@ Has no effect if honorTimestamps is false.

-basicAuth
- - -BasicAuth - - - - -(Optional) -

basicAuth defines the Basic Authentication credentials to use when -scraping the target.

-

Cannot be set at the same time as authorization, or oauth2.

- - - - -oauth2
- - -OAuth2 - - - - -(Optional) -

oauth2 defines the OAuth2 settings to use when scraping the target.

-

It requires Prometheus >= 2.27.0.

-

Cannot be set at the same time as authorization, or basicAuth.

- - - - -authorization
- - -SafeAuthorization - - - - -(Optional) -

authorization defines the Authorization header credentials to use when -scraping the target.

-

Cannot be set at the same time as basicAuth, or oauth2.

- - - - metricRelabelings
@@ -12466,6 +12387,102 @@ metadata labels.

+filterRunning
+ +bool + + + +(Optional) +

filterRunning when true, the pods which are not running (e.g. either in Failed or +Succeeded state) are dropped during the target discovery.

+

If unset, the filtering is enabled.

+

More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase

+ + + + +authorization
+ + +SafeAuthorization + + + + +(Optional) +

authorization configures the Authorization header credentials used by +the client.

+

Cannot be set at the same time as basicAuth, bearerTokenSecret or oauth2.

+ + + + +basicAuth
+ + +BasicAuth + + + + +(Optional) +

basicAuth defines the Basic Authentication credentials used by the +client.

+

Cannot be set at the same time as authorization, bearerTokenSecret or oauth2.

+ + + + +oauth2
+ + +OAuth2 + + + + +(Optional) +

oauth2 defines the OAuth2 settings used by the client.

+

It requires Prometheus >= 2.27.0.

+

Cannot be set at the same time as authorization, basicAuth or bearerTokenSecret.

+ + + + +bearerTokenSecret
+ + +Kubernetes core/v1.SecretKeySelector + + + + +(Optional) +

bearerTokenSecret defines a key of a Secret containing the bearer token +used by the client for authentication. The secret needs to be in the +same namespace as the custom resource and readable by the Prometheus +Operator.

+

Cannot be set at the same time as authorization, basicAuth or oauth2.

+

Deprecated: use authorization instead.

+ + + + +tlsConfig
+ + +SafeTLSConfig + + + + +(Optional) +

tlsConfig defines the TLS configuration used by the client.

+ + + + proxyUrl
string @@ -12529,8 +12546,8 @@ bool (Optional) -

followRedirects defines whether the scrape requests should follow HTTP -3xx redirects.

+

followRedirects defines whether the client should follow HTTP 3xx +redirects.

@@ -12542,22 +12559,7 @@ bool (Optional) -

enableHttp2 can be used to disable HTTP2 when scraping the target.

- - - - -filterRunning
- -bool - - - -(Optional) -

filterRunning when true, the pods which are not running (e.g. either in Failed or -Succeeded state) are dropped during the target discovery.

-

If unset, the filtering is enabled.

-

More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase

+

enableHttp2 can be used to disable HTTP2.

@@ -16014,7 +16016,7 @@ A zero value means that Prometheus doesn’t accept any incoming connection.

ProxyConfig

-(Appears on:APIServerConfig, AlertmanagerEndpoints, Endpoint, HTTPConfig, OAuth2, PodMetricsEndpoint, ProberSpec, RemoteReadSpec, RemoteWriteSpec, AzureSDConfig, ConsulSDConfig, DigitalOceanSDConfig, DockerSDConfig, DockerSwarmSDConfig, EC2SDConfig, EurekaSDConfig, HTTPConfig, HTTPSDConfig, HetznerSDConfig, IonosSDConfig, KubernetesSDConfig, KumaSDConfig, LightSailSDConfig, LinodeSDConfig, NomadSDConfig, PuppetDBSDConfig, ScalewaySDConfig, ScrapeConfigSpec, HTTPConfig) +(Appears on:APIServerConfig, AlertmanagerEndpoints, Endpoint, HTTPConfig, OAuth2, ProberSpec, RemoteReadSpec, RemoteWriteSpec, AzureSDConfig, ConsulSDConfig, DigitalOceanSDConfig, DockerSDConfig, DockerSwarmSDConfig, EC2SDConfig, EurekaSDConfig, HTTPConfig, HTTPSDConfig, HetznerSDConfig, IonosSDConfig, KubernetesSDConfig, KumaSDConfig, LightSailSDConfig, LinodeSDConfig, NomadSDConfig, PuppetDBSDConfig, ScalewaySDConfig, ScrapeConfigSpec, HTTPConfig)

@@ -17502,7 +17504,7 @@ See: https://tip.golang.org/d

SafeAuthorization

-(Appears on:AlertmanagerEndpoints, Authorization, Endpoint, HTTPConfig, PodMetricsEndpoint, ProbeSpec, AzureSDConfig, ConsulSDConfig, DigitalOceanSDConfig, DockerSDConfig, DockerSwarmSDConfig, EurekaSDConfig, HTTPConfig, HTTPSDConfig, HetznerSDConfig, IonosSDConfig, KubernetesSDConfig, KumaSDConfig, LightSailSDConfig, LinodeSDConfig, NomadSDConfig, PuppetDBSDConfig, ScrapeConfigSpec, HTTPConfig) +(Appears on:AlertmanagerEndpoints, Authorization, Endpoint, HTTPConfig, ProbeSpec, AzureSDConfig, ConsulSDConfig, DigitalOceanSDConfig, DockerSDConfig, DockerSwarmSDConfig, EurekaSDConfig, HTTPConfig, HTTPSDConfig, HetznerSDConfig, IonosSDConfig, KubernetesSDConfig, KumaSDConfig, LightSailSDConfig, LinodeSDConfig, NomadSDConfig, PuppetDBSDConfig, ScrapeConfigSpec, HTTPConfig)

SafeAuthorization specifies a subset of the Authorization struct, that is @@ -17550,7 +17552,7 @@ Kubernetes core/v1.SecretKeySelector

SafeTLSConfig

-(Appears on:ClusterTLSConfig, GlobalSMTPConfig, HTTPConfig, OAuth2, PodMetricsEndpoint, ProbeSpec, TLSConfig, AzureSDConfig, ConsulSDConfig, DigitalOceanSDConfig, DockerSDConfig, DockerSwarmSDConfig, EC2SDConfig, EmailConfig, EurekaSDConfig, HTTPConfig, HTTPSDConfig, HetznerSDConfig, IonosSDConfig, KubernetesSDConfig, KumaSDConfig, LightSailSDConfig, LinodeSDConfig, NomadSDConfig, OpenStackSDConfig, PuppetDBSDConfig, ScalewaySDConfig, ScrapeConfigSpec, EmailConfig, HTTPConfig) +(Appears on:ClusterTLSConfig, GlobalSMTPConfig, HTTPConfig, OAuth2, ProbeSpec, TLSConfig, AzureSDConfig, ConsulSDConfig, DigitalOceanSDConfig, DockerSDConfig, DockerSwarmSDConfig, EC2SDConfig, EmailConfig, EurekaSDConfig, HTTPConfig, HTTPSDConfig, HetznerSDConfig, IonosSDConfig, KubernetesSDConfig, KumaSDConfig, LightSailSDConfig, LinodeSDConfig, NomadSDConfig, OpenStackSDConfig, PuppetDBSDConfig, ScalewaySDConfig, ScrapeConfigSpec, EmailConfig, HTTPConfig)

SafeTLSConfig specifies safe TLS configuration parameters.

diff --git a/bundle.yaml b/bundle.yaml index 948a9fda8..8f9ab1e3a 100644 --- a/bundle.yaml +++ b/bundle.yaml @@ -22102,10 +22102,10 @@ spec: properties: authorization: description: |- - authorization defines the Authorization header credentials to use when - scraping the target. + authorization configures the Authorization header credentials used by + the client. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Cannot be set at the same time as `basicAuth`, `bearerTokenSecret` or `oauth2`. properties: credentials: description: credentials defines a key of a Secret in the @@ -22143,10 +22143,10 @@ spec: type: object basicAuth: description: |- - basicAuth defines the Basic Authentication credentials to use when - scraping the target. + basicAuth defines the Basic Authentication credentials used by the + client. - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, `bearerTokenSecret` or `oauth2`. properties: password: description: |- @@ -22203,9 +22203,12 @@ spec: type: object bearerTokenSecret: description: |- - bearerTokenSecret defines a key of a Secret containing the bearer - token for scraping targets. The secret needs to be in the same namespace - as the PodMonitor object and readable by the Prometheus Operator. + bearerTokenSecret defines a key of a Secret containing the bearer token + used by the client for authentication. The secret needs to be in the + same namespace as the custom resource and readable by the Prometheus + Operator. + + Cannot be set at the same time as `authorization`, `basicAuth` or `oauth2`. Deprecated: use `authorization` instead. properties: @@ -22231,8 +22234,7 @@ spec: type: object x-kubernetes-map-type: atomic enableHttp2: - description: enableHttp2 can be used to disable HTTP2 when scraping - the target. + description: enableHttp2 can be used to disable HTTP2. type: boolean filterRunning: description: |- 
@@ -22245,8 +22247,8 @@ spec: type: boolean followRedirects: description: |- - followRedirects defines whether the scrape requests should follow HTTP - 3xx redirects. + followRedirects defines whether the client should follow HTTP 3xx + redirects. type: boolean honorLabels: description: |- @@ -22364,11 +22366,11 @@ spec: type: string oauth2: description: |- - oauth2 defines the OAuth2 settings to use when scraping the target. + oauth2 defines the OAuth2 settings used by the client. It requires Prometheus >= 2.27.0. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`, `basicAuth` or `bearerTokenSecret`. properties: clientId: description: |- @@ -22892,8 +22894,8 @@ spec: Deprecated: use 'port' or 'portNumber' instead. x-kubernetes-int-or-string: true tlsConfig: - description: tlsConfig defines the TLS configuration to use - when scraping the target. + description: tlsConfig defines the TLS configuration used by + the client. properties: ca: description: ca defines the Certificate authority used when diff --git a/example/prometheus-operator-crd-full/monitoring.coreos.com_podmonitors.yaml b/example/prometheus-operator-crd-full/monitoring.coreos.com_podmonitors.yaml index 84ea7be69..638e9a8c7 100644 --- a/example/prometheus-operator-crd-full/monitoring.coreos.com_podmonitors.yaml +++ b/example/prometheus-operator-crd-full/monitoring.coreos.com_podmonitors.yaml @@ -179,10 +179,10 @@ spec: properties: authorization: description: |- - authorization defines the Authorization header credentials to use when - scraping the target. + authorization configures the Authorization header credentials used by + the client. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Cannot be set at the same time as `basicAuth`, `bearerTokenSecret` or `oauth2`. properties: credentials: description: credentials defines a key of a Secret in the 
@@ -220,10 +220,10 @@ spec: type: object basicAuth: description: |- - basicAuth defines the Basic Authentication credentials to use when - scraping the target. + basicAuth defines the Basic Authentication credentials used by the + client. - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, `bearerTokenSecret` or `oauth2`. properties: password: description: |- @@ -280,9 +280,12 @@ spec: type: object bearerTokenSecret: description: |- - bearerTokenSecret defines a key of a Secret containing the bearer - token for scraping targets. The secret needs to be in the same namespace - as the PodMonitor object and readable by the Prometheus Operator. + bearerTokenSecret defines a key of a Secret containing the bearer token + used by the client for authentication. The secret needs to be in the + same namespace as the custom resource and readable by the Prometheus + Operator. + + Cannot be set at the same time as `authorization`, `basicAuth` or `oauth2`. Deprecated: use `authorization` instead. properties: @@ -308,8 +311,7 @@ spec: type: object x-kubernetes-map-type: atomic enableHttp2: - description: enableHttp2 can be used to disable HTTP2 when scraping - the target. + description: enableHttp2 can be used to disable HTTP2. type: boolean filterRunning: description: |- @@ -322,8 +324,8 @@ spec: type: boolean followRedirects: description: |- - followRedirects defines whether the scrape requests should follow HTTP - 3xx redirects. + followRedirects defines whether the client should follow HTTP 3xx + redirects. type: boolean honorLabels: description: |- 
@@ -441,11 +443,11 @@ spec: type: string oauth2: description: |- - oauth2 defines the OAuth2 settings to use when scraping the target. + oauth2 defines the OAuth2 settings used by the client. It requires Prometheus >= 2.27.0. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`, `basicAuth` or `bearerTokenSecret`. properties: clientId: description: |- @@ -969,8 +971,8 @@ spec: Deprecated: use 'port' or 'portNumber' instead. x-kubernetes-int-or-string: true tlsConfig: - description: tlsConfig defines the TLS configuration to use - when scraping the target. + description: tlsConfig defines the TLS configuration used by + the client. properties: ca: description: ca defines the Certificate authority used when diff --git a/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml b/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml index 8f4211c7e..d898435b9 100644 --- a/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +++ b/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml @@ -180,10 +180,10 @@ spec: properties: authorization: description: |- - authorization defines the Authorization header credentials to use when - scraping the target. + authorization configures the Authorization header credentials used by + the client. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Cannot be set at the same time as `basicAuth`, `bearerTokenSecret` or `oauth2`. properties: credentials: description: credentials defines a key of a Secret in the 
@@ -221,10 +221,10 @@ spec: type: object basicAuth: description: |- - basicAuth defines the Basic Authentication credentials to use when - scraping the target. + basicAuth defines the Basic Authentication credentials used by the + client. - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, `bearerTokenSecret` or `oauth2`. properties: password: description: |- @@ -281,9 +281,12 @@ spec: type: object bearerTokenSecret: description: |- - bearerTokenSecret defines a key of a Secret containing the bearer - token for scraping targets. The secret needs to be in the same namespace - as the PodMonitor object and readable by the Prometheus Operator. + bearerTokenSecret defines a key of a Secret containing the bearer token + used by the client for authentication. The secret needs to be in the + same namespace as the custom resource and readable by the Prometheus + Operator. + + Cannot be set at the same time as `authorization`, `basicAuth` or `oauth2`. Deprecated: use `authorization` instead. properties: @@ -309,8 +312,7 @@ spec: type: object x-kubernetes-map-type: atomic enableHttp2: - description: enableHttp2 can be used to disable HTTP2 when scraping - the target. + description: enableHttp2 can be used to disable HTTP2. type: boolean filterRunning: description: |- @@ -323,8 +325,8 @@ spec: type: boolean followRedirects: description: |- - followRedirects defines whether the scrape requests should follow HTTP - 3xx redirects. + followRedirects defines whether the client should follow HTTP 3xx + redirects. type: boolean honorLabels: description: |- 
@@ -442,11 +444,11 @@ spec: type: string oauth2: description: |- - oauth2 defines the OAuth2 settings to use when scraping the target. + oauth2 defines the OAuth2 settings used by the client. It requires Prometheus >= 2.27.0. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`, `basicAuth` or `bearerTokenSecret`. properties: clientId: description: |- @@ -970,8 +972,8 @@ spec: Deprecated: use 'port' or 'portNumber' instead. x-kubernetes-int-or-string: true tlsConfig: - description: tlsConfig defines the TLS configuration to use - when scraping the target. + description: tlsConfig defines the TLS configuration used by + the client. properties: ca: description: ca defines the Certificate authority used when diff --git a/jsonnet/prometheus-operator/podmonitors-crd.json b/jsonnet/prometheus-operator/podmonitors-crd.json index f3ca7b8da..60840f054 100644 --- a/jsonnet/prometheus-operator/podmonitors-crd.json +++ b/jsonnet/prometheus-operator/podmonitors-crd.json @@ -139,7 +139,7 @@ "description": "PodMetricsEndpoint defines an endpoint serving Prometheus metrics to be scraped by\nPrometheus.", "properties": { "authorization": { - "description": "authorization defines the Authorization header credentials to use when\nscraping the target.\n\nCannot be set at the same time as `basicAuth`, or `oauth2`.", + "description": "authorization configures the Authorization header credentials used by\nthe client.\n\nCannot be set at the same time as `basicAuth`, `bearerTokenSecret` or `oauth2`.", "properties": { "credentials": { "description": "credentials defines a key of a Secret in the namespace that contains the credentials for authentication.", 
@@ -172,7 +172,7 @@ "type": "object" }, "basicAuth": { - "description": "basicAuth defines the Basic Authentication credentials to use when\nscraping the target.\n\nCannot be set at the same time as `authorization`, or `oauth2`.", + "description": "basicAuth defines the Basic Authentication credentials used by the\nclient.\n\nCannot be set at the same time as `authorization`, `bearerTokenSecret` or `oauth2`.", "properties": { "password": { "description": "password defines a key of a Secret containing the password for\nauthentication.", @@ -224,7 +224,7 @@ "type": "object" }, "bearerTokenSecret": { - "description": "bearerTokenSecret defines a key of a Secret containing the bearer\ntoken for scraping targets. The secret needs to be in the same namespace\nas the PodMonitor object and readable by the Prometheus Operator.\n\nDeprecated: use `authorization` instead.", + "description": "bearerTokenSecret defines a key of a Secret containing the bearer token\nused by the client for authentication. The secret needs to be in the\nsame namespace as the custom resource and readable by the Prometheus\nOperator.\n\nCannot be set at the same time as `authorization`, `basicAuth` or `oauth2`.\n\nDeprecated: use `authorization` instead.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", @@ -247,7 +247,7 @@ "x-kubernetes-map-type": "atomic" }, "enableHttp2": { - "description": "enableHttp2 can be used to disable HTTP2 when scraping the target.", + "description": "enableHttp2 can be used to disable HTTP2.", "type": "boolean" }, "filterRunning": { @@ -255,7 +255,7 @@ "type": "boolean" }, "followRedirects": { - "description": "followRedirects defines whether the scrape requests should follow HTTP\n3xx redirects.", + "description": "followRedirects defines whether the client should follow HTTP 3xx\nredirects.", "type": "boolean" }, "honorLabels": { 
@@ -344,7 +344,7 @@ "type": "string" }, "oauth2": { - "description": "oauth2 defines the OAuth2 settings to use when scraping the target.\n\nIt requires Prometheus >= 2.27.0.\n\nCannot be set at the same time as `authorization`, or `basicAuth`.", + "description": "oauth2 defines the OAuth2 settings used by the client.\n\nIt requires Prometheus >= 2.27.0.\n\nCannot be set at the same time as `authorization`, `basicAuth` or `bearerTokenSecret`.", "properties": { "clientId": { "description": "clientId defines a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", @@ -812,7 +812,7 @@ "x-kubernetes-int-or-string": true }, "tlsConfig": { - "description": "tlsConfig defines the TLS configuration to use when scraping the target.", + "description": "tlsConfig defines the TLS configuration used by the client.", "properties": { "ca": { "description": "ca defines the Certificate authority used when verifying server certificates.", diff --git a/pkg/alertmanager/amcfg.go b/pkg/alertmanager/amcfg.go index adbdae94b..c47108b4e 100644 --- a/pkg/alertmanager/amcfg.go +++ b/pkg/alertmanager/amcfg.go @@ -36,6 +36,7 @@ import ( sortutil "github.com/prometheus-operator/prometheus-operator/internal/sortutil" "github.com/prometheus-operator/prometheus-operator/pkg/alertmanager/validation" + validationv1 "github.com/prometheus-operator/prometheus-operator/pkg/alertmanager/validation/v1" monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" monitoringv1alpha1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1alpha1" "github.com/prometheus-operator/prometheus-operator/pkg/assets" @@ -281,7 +282,7 @@ func (cb *ConfigBuilder) initializeFromAlertmanagerConfig(ctx context.Context, g return err } - if err := checkAlertmanagerGlobalConfigResource(globalConfig); err != nil { + if err := validationv1.ValidateAlertmanagerGlobalConfig(globalConfig); err != nil { return err } 
diff --git a/pkg/alertmanager/operator.go b/pkg/alertmanager/operator.go index 6eb11bdd8..db51bb378 100644 --- a/pkg/alertmanager/operator.go +++ b/pkg/alertmanager/operator.go @@ -42,7 +42,6 @@ import ( "github.com/prometheus-operator/prometheus-operator/pkg/alertmanager/clustertlsconfig" "github.com/prometheus-operator/prometheus-operator/pkg/alertmanager/validation" - validationv1 "github.com/prometheus-operator/prometheus-operator/pkg/alertmanager/validation/v1" validationv1alpha1 "github.com/prometheus-operator/prometheus-operator/pkg/alertmanager/validation/v1alpha1" monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" monitoringv1alpha1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1alpha1" @@ -1920,7 +1919,3 @@ func ApplyConfigurationFromAlertmanager(a *monitoringv1.Alertmanager, updateScal return monitoringv1ac.Alertmanager(a.Name, a.Namespace).WithStatus(asac) } - -func checkAlertmanagerGlobalConfigResource(gc *monitoringv1.AlertmanagerGlobalConfig) error { - return validationv1.ValidateAlertmanagerGlobalConfig(gc) -} diff --git a/pkg/alertmanager/validation/v1/validation.go b/pkg/alertmanager/validation/v1/validation.go index 754dc14b8..c8e64d72f 100644 --- a/pkg/alertmanager/validation/v1/validation.go +++ b/pkg/alertmanager/validation/v1/validation.go @@ -15,6 +15,8 @@ package v1 import ( + "fmt" + monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" ) @@ -23,10 +25,8 @@ func ValidateAlertmanagerGlobalConfig(gc *monitoringv1.AlertmanagerGlobalConfig) return nil } - if gc.HTTPConfig != nil { - if err := gc.HTTPConfig.Validate(); err != nil { - return err - } + if err := gc.HTTPConfig.Validate(); err != nil { + return fmt.Errorf("httpConfig: %w", err) } return nil diff --git a/pkg/apis/monitoring/v1/http_config.go b/pkg/apis/monitoring/v1/http_config.go index 22734abe1..3d7a0b823 100644 --- a/pkg/apis/monitoring/v1/http_config.go 
+++ b/pkg/apis/monitoring/v1/http_config.go @@ -15,6 +15,7 @@ package v1 import ( + "errors" "fmt" v1 "k8s.io/api/core/v1" 
@@ -84,38 +85,41 @@ func (hc *HTTPConfig) Validate() error { return nil } - if (hc.BasicAuth != nil || hc.OAuth2 != nil) && (hc.BearerTokenSecret != nil) { - return fmt.Errorf("at most one of basicAuth, oauth2, bearerTokenSecret must be configured") - } - - if hc.Authorization != nil { - if hc.BearerTokenSecret != nil { - return fmt.Errorf("authorization is not compatible with bearerTokenSecret") + // Check duplicate authentication methods. + switch { + case hc.Authorization != nil: + switch { + case hc.BasicAuth != nil: + return errors.New("authorization and basicAuth cannot be configured at the same time") + case hc.BearerTokenSecret != nil: + return errors.New("authorization and bearerTokenSecret cannot be configured at the same time") + case hc.OAuth2 != nil: + return errors.New("authorization and oauth2 cannot be configured at the same time") } - - if hc.BasicAuth != nil || hc.OAuth2 != nil { - return fmt.Errorf("at most one of basicAuth, oauth2 & authorization must be configured") + case hc.BasicAuth != nil: + switch { + case hc.BearerTokenSecret != nil: + return errors.New("basicAuth and bearerTokenSecret cannot be configured at the same time") + case hc.OAuth2 != nil: + return errors.New("basicAuth and oauth2 cannot be configured at the same time") } - - if err := hc.Authorization.Validate(); err != nil { - return err + case hc.BearerTokenSecret != nil: + switch { + case hc.OAuth2 != nil: + return errors.New("bearerTokenSecret and oauth2 cannot be configured at the same time") } } - if hc.OAuth2 != nil { - if hc.BasicAuth != nil { - return fmt.Errorf("at most one of basicAuth, oauth2 & authorization must be configured") - } - - if err := hc.OAuth2.Validate(); err != nil { - return err - } + if err := hc.Authorization.Validate(); err != nil { + return fmt.Errorf("authorization: %w", err) } - if hc.TLSConfig != nil { - if err := hc.TLSConfig.Validate(); err != nil { - return err - } + if err := hc.OAuth2.Validate(); err != nil { + return fmt.Errorf("oauth2: 
%w", err) + } + + if err := hc.TLSConfig.Validate(); err != nil { + return fmt.Errorf("tlsConfig: %w", err) } if err := hc.ProxyConfig.Validate(); err != nil { diff --git a/pkg/apis/monitoring/v1/podmonitor_types.go b/pkg/apis/monitoring/v1/podmonitor_types.go index 575748d7a..58783ae82 100644 --- a/pkg/apis/monitoring/v1/podmonitor_types.go +++ b/pkg/apis/monitoring/v1/podmonitor_types.go @@ -15,7 +15,6 @@ package v1 import ( - v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/intstr" @@ -271,20 +270,6 @@ type PodMetricsEndpoint struct { // +optional ScrapeTimeout Duration `json:"scrapeTimeout,omitempty"` - // tlsConfig defines the TLS configuration to use when scraping the target. - // - // +optional - TLSConfig *SafeTLSConfig `json:"tlsConfig,omitempty"` - - // bearerTokenSecret defines a key of a Secret containing the bearer - // token for scraping targets. The secret needs to be in the same namespace - // as the PodMonitor object and readable by the Prometheus Operator. - // - // +optional - // - // Deprecated: use `authorization` instead. - BearerTokenSecret v1.SecretKeySelector `json:"bearerTokenSecret,omitempty"` - // honorLabels when true preserves the metric's labels when they collide // with the target's labels. // +optional 
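Review bot: The rewritten body calls `hc.Authorization.Validate()` and `hc.TLSConfig.Validate()` unconditionally, where the removed code guarded each call with a nil check; `OAuth2.Validate` receives a nil-receiver guard in types.go in this same commit, but nothing in the diff shows an equivalent guard on `SafeAuthorization.Validate` or `SafeTLSConfig.Validate`. If either of those dereferences its receiver, any endpoint that leaves those fields unset (the common case) will nil-panic inside the operator's validation path, and because `HTTPConfig` is now inlined into `PodMetricsEndpoint`, a namespace user who can create a PodMonitor could presumably trigger that crash if this validator is run on PodMonitor endpoints. Either confirm both methods open with `if a == nil { return nil }` or restore the guard here, e.g. `if hc.TLSConfig != nil { if err := hc.TLSConfig.Validate(); err != nil { return fmt.Errorf("tlsConfig: %w", err) } }` (and likewise for `Authorization`). Validate's opening nil check and its tail after the `ProxyConfig.Validate()` call lie outside this hunk.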
@@ -305,31 +290,6 @@ type PodMetricsEndpoint struct { // +optional TrackTimestampsStaleness *bool `json:"trackTimestampsStaleness,omitempty"` - // basicAuth defines the Basic Authentication credentials to use when - // scraping the target. - // - // Cannot be set at the same time as `authorization`, or `oauth2`. - // - // +optional - BasicAuth *BasicAuth `json:"basicAuth,omitempty"` - - // oauth2 defines the OAuth2 settings to use when scraping the target. - // - // It requires Prometheus >= 2.27.0. - // - // Cannot be set at the same time as `authorization`, or `basicAuth`. - // - // +optional - OAuth2 *OAuth2 `json:"oauth2,omitempty"` - - // authorization defines the Authorization header credentials to use when - // scraping the target. - // - // Cannot be set at the same time as `basicAuth`, or `oauth2`. - // - // +optional - Authorization *SafeAuthorization `json:"authorization,omitempty"` - // metricRelabelings defines the relabeling rules to apply to the // samples before ingestion. // @@ -348,20 +308,6 @@ type PodMetricsEndpoint struct { // +optional RelabelConfigs []RelabelConfig `json:"relabelings,omitempty"` - // +optional - ProxyConfig `json:",inline"` - - // followRedirects defines whether the scrape requests should follow HTTP - // 3xx redirects. - // - // +optional - FollowRedirects *bool `json:"followRedirects,omitempty"` - - // enableHttp2 can be used to disable HTTP2 when scraping the target. - // - // +optional - EnableHttp2 *bool `json:"enableHttp2,omitempty"` - // filterRunning when true, the pods which are not running (e.g. either in Failed or // Succeeded state) are dropped during the target discovery. // @@ -371,4 +317,6 @@ type PodMetricsEndpoint struct { // // +optional FilterRunning *bool `json:"filterRunning,omitempty"` + + HTTPConfig `json:",inline"` } diff --git a/pkg/apis/monitoring/v1/podmonitor_types_test.go b/pkg/apis/monitoring/v1/podmonitor_types_test.go index f109ebdf8..4e0420b56 100644 
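Review bot: The new embedded `HTTPConfig `json:",inline"`` field carries no doc comment, unlike the surrounding fields whose comments also become the CRD descriptions; add `// HTTPConfig defines the HTTP client settings (authentication, TLS, proxy, redirects, HTTP/2) used when scraping the target.` above it. It is worth stating in the commit message that the embedded struct keeps the `SafeTLSConfig`/`SafeAuthorization` variants the removed fields used — the regenerated API docs in this commit list exactly those types under PodMetricsEndpoint — so a namespace-scoped PodMonitor presumably still cannot point Prometheus at files on its own pod. The removed field comments never forbade `bearerTokenSecret` together with `basicAuth` or `oauth2`, whereas the inherited description and `HTTPConfig.Validate` now reject that combination, so existing PodMonitor objects setting both may start failing and deserve a CHANGELOG entry if that validator is applied to them. The struct's opening lines are outside this hunk.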
--- a/pkg/apis/monitoring/v1/podmonitor_types_test.go +++ b/pkg/apis/monitoring/v1/podmonitor_types_test.go @@ -41,7 +41,7 @@ func TestMarshallPodMonitor(t *testing.T) { }, }, } - expected := `{"metadata":{"name":"test","namespace":"default","labels":{"group":"group1"}},"spec":{"podMetricsEndpoints":[{"port":"metric","bearerTokenSecret":{"key":""}}],"selector":{},"namespaceSelector":{"matchNames":["test"]}}}` + expected := `{"metadata":{"name":"test","namespace":"default","labels":{"group":"group1"}},"spec":{"podMetricsEndpoints":[{"port":"metric"}],"selector":{},"namespaceSelector":{"matchNames":["test"]}}}` r, err := json.Marshal(sm) if err != nil { diff --git a/pkg/apis/monitoring/v1/types.go b/pkg/apis/monitoring/v1/types.go index 9c62771d8..eb110df7e 100644 --- a/pkg/apis/monitoring/v1/types.go +++ b/pkg/apis/monitoring/v1/types.go @@ -758,6 +758,10 @@ type OAuth2 struct { } func (o *OAuth2) Validate() error { + if o == nil { + return nil + } + if o.TokenURL == "" { return errors.New("OAuth2 tokenURL must be specified") } diff --git a/pkg/apis/monitoring/v1/zz_generated.deepcopy.go b/pkg/apis/monitoring/v1/zz_generated.deepcopy.go index a69ee4bdf..2ac328d5a 100644 --- a/pkg/apis/monitoring/v1/zz_generated.deepcopy.go +++ b/pkg/apis/monitoring/v1/zz_generated.deepcopy.go @@ -2015,12 +2015,6 @@ func (in *PodMetricsEndpoint) DeepCopyInto(out *PodMetricsEndpoint) { (*out)[key] = outVal } } - if in.TLSConfig != nil { - in, out := &in.TLSConfig, &out.TLSConfig - *out = new(SafeTLSConfig) - (*in).DeepCopyInto(*out) - } - in.BearerTokenSecret.DeepCopyInto(&out.BearerTokenSecret) if in.HonorTimestamps != nil { in, out := &in.HonorTimestamps, &out.HonorTimestamps *out = new(bool) 
@@ -2031,21 +2025,6 @@ func (in *PodMetricsEndpoint) DeepCopyInto(out *PodMetricsEndpoint) { *out = new(bool) **out = **in } - if in.BasicAuth != nil { - in, out := &in.BasicAuth, &out.BasicAuth - *out = new(BasicAuth) - (*in).DeepCopyInto(*out) - } - if in.OAuth2 != nil { - in, out := &in.OAuth2, &out.OAuth2 - *out = new(OAuth2) - (*in).DeepCopyInto(*out) - } - if in.Authorization != nil { - in, out := &in.Authorization, &out.Authorization - *out = new(SafeAuthorization) - (*in).DeepCopyInto(*out) - } if in.MetricRelabelConfigs != nil { in, out := &in.MetricRelabelConfigs, &out.MetricRelabelConfigs *out = make([]RelabelConfig, len(*in)) @@ -2060,22 +2039,12 @@ func (in *PodMetricsEndpoint) DeepCopyInto(out *PodMetricsEndpoint) { (*in)[i].DeepCopyInto(&(*out)[i]) } } - in.ProxyConfig.DeepCopyInto(&out.ProxyConfig) - if in.FollowRedirects != nil { - in, out := &in.FollowRedirects, &out.FollowRedirects - *out = new(bool) - **out = **in - } - if in.EnableHttp2 != nil { - in, out := &in.EnableHttp2, &out.EnableHttp2 - *out = new(bool) - **out = **in - } if in.FilterRunning != nil { in, out := &in.FilterRunning, &out.FilterRunning *out = new(bool) **out = **in } + in.HTTPConfig.DeepCopyInto(&out.HTTPConfig) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodMetricsEndpoint. diff --git a/pkg/client/applyconfiguration/monitoring/v1/podmetricsendpoint.go b/pkg/client/applyconfiguration/monitoring/v1/podmetricsendpoint.go index ac42e66ca..e61f85087 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/podmetricsendpoint.go +++ b/pkg/client/applyconfiguration/monitoring/v1/podmetricsendpoint.go 
@@ -25,28 +25,21 @@ import ( // PodMetricsEndpointApplyConfiguration represents a declarative configuration of the PodMetricsEndpoint type for use // with apply. type PodMetricsEndpointApplyConfiguration struct { - Port *string `json:"port,omitempty"` - PortNumber *int32 `json:"portNumber,omitempty"` - TargetPort *intstr.IntOrString `json:"targetPort,omitempty"` - Path *string `json:"path,omitempty"` - Scheme *string `json:"scheme,omitempty"` - Params map[string][]string `json:"params,omitempty"` - Interval *monitoringv1.Duration `json:"interval,omitempty"` - ScrapeTimeout *monitoringv1.Duration `json:"scrapeTimeout,omitempty"` - TLSConfig *SafeTLSConfigApplyConfiguration `json:"tlsConfig,omitempty"` - BearerTokenSecret *corev1.SecretKeySelector `json:"bearerTokenSecret,omitempty"` - HonorLabels *bool `json:"honorLabels,omitempty"` - HonorTimestamps *bool `json:"honorTimestamps,omitempty"` - TrackTimestampsStaleness *bool `json:"trackTimestampsStaleness,omitempty"` - BasicAuth *BasicAuthApplyConfiguration `json:"basicAuth,omitempty"` - OAuth2 *OAuth2ApplyConfiguration `json:"oauth2,omitempty"` - Authorization *SafeAuthorizationApplyConfiguration `json:"authorization,omitempty"` - MetricRelabelConfigs []RelabelConfigApplyConfiguration `json:"metricRelabelings,omitempty"` - RelabelConfigs []RelabelConfigApplyConfiguration `json:"relabelings,omitempty"` - ProxyConfigApplyConfiguration `json:",inline"` - FollowRedirects *bool `json:"followRedirects,omitempty"` - EnableHttp2 *bool `json:"enableHttp2,omitempty"` - FilterRunning *bool `json:"filterRunning,omitempty"` + Port *string `json:"port,omitempty"` + PortNumber *int32 `json:"portNumber,omitempty"` + TargetPort *intstr.IntOrString `json:"targetPort,omitempty"` + Path *string `json:"path,omitempty"` + Scheme *string `json:"scheme,omitempty"` + Params map[string][]string `json:"params,omitempty"` + Interval *monitoringv1.Duration `json:"interval,omitempty"` + ScrapeTimeout *monitoringv1.Duration 
`json:"scrapeTimeout,omitempty"` + HonorLabels *bool `json:"honorLabels,omitempty"` + HonorTimestamps *bool `json:"honorTimestamps,omitempty"` + TrackTimestampsStaleness *bool `json:"trackTimestampsStaleness,omitempty"` + MetricRelabelConfigs []RelabelConfigApplyConfiguration `json:"metricRelabelings,omitempty"` + RelabelConfigs []RelabelConfigApplyConfiguration `json:"relabelings,omitempty"` + FilterRunning *bool `json:"filterRunning,omitempty"` + HTTPConfigApplyConfiguration `json:",inline"` } // PodMetricsEndpointApplyConfiguration constructs a declarative configuration of the PodMetricsEndpoint type for use with @@ -125,22 +118,6 @@ func (b *PodMetricsEndpointApplyConfiguration) WithScrapeTimeout(value monitorin return b } -// WithTLSConfig sets the TLSConfig field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the TLSConfig field is set to the value of the last call. -func (b *PodMetricsEndpointApplyConfiguration) WithTLSConfig(value *SafeTLSConfigApplyConfiguration) *PodMetricsEndpointApplyConfiguration { - b.TLSConfig = value - return b -} - -// WithBearerTokenSecret sets the BearerTokenSecret field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the BearerTokenSecret field is set to the value of the last call. -func (b *PodMetricsEndpointApplyConfiguration) WithBearerTokenSecret(value corev1.SecretKeySelector) *PodMetricsEndpointApplyConfiguration { - b.BearerTokenSecret = &value - return b -} - // WithHonorLabels sets the HonorLabels field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the HonorLabels field is set to the value of the last call. 
@@ -165,30 +142,6 @@ func (b *PodMetricsEndpointApplyConfiguration) WithTrackTimestampsStaleness(valu return b } -// WithBasicAuth sets the BasicAuth field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the BasicAuth field is set to the value of the last call. -func (b *PodMetricsEndpointApplyConfiguration) WithBasicAuth(value *BasicAuthApplyConfiguration) *PodMetricsEndpointApplyConfiguration { - b.BasicAuth = value - return b -} - -// WithOAuth2 sets the OAuth2 field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the OAuth2 field is set to the value of the last call. -func (b *PodMetricsEndpointApplyConfiguration) WithOAuth2(value *OAuth2ApplyConfiguration) *PodMetricsEndpointApplyConfiguration { - b.OAuth2 = value - return b -} - -// WithAuthorization sets the Authorization field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Authorization field is set to the value of the last call. -func (b *PodMetricsEndpointApplyConfiguration) WithAuthorization(value *SafeAuthorizationApplyConfiguration) *PodMetricsEndpointApplyConfiguration { - b.Authorization = value - return b -} - // WithMetricRelabelConfigs adds the given value to the MetricRelabelConfigs field in the declarative configuration // and returns the receiver, so that objects can be build by chaining "With" function invocations. // If called multiple times, values provided by each call will be appended to the MetricRelabelConfigs field. 
@@ -215,6 +168,54 @@ func (b *PodMetricsEndpointApplyConfiguration) WithRelabelConfigs(values ...*Rel return b } +// WithFilterRunning sets the FilterRunning field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the FilterRunning field is set to the value of the last call. +func (b *PodMetricsEndpointApplyConfiguration) WithFilterRunning(value bool) *PodMetricsEndpointApplyConfiguration { + b.FilterRunning = &value + return b +} + +// WithAuthorization sets the Authorization field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Authorization field is set to the value of the last call. +func (b *PodMetricsEndpointApplyConfiguration) WithAuthorization(value *SafeAuthorizationApplyConfiguration) *PodMetricsEndpointApplyConfiguration { + b.HTTPConfigApplyConfiguration.Authorization = value + return b +} + +// WithBasicAuth sets the BasicAuth field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the BasicAuth field is set to the value of the last call. +func (b *PodMetricsEndpointApplyConfiguration) WithBasicAuth(value *BasicAuthApplyConfiguration) *PodMetricsEndpointApplyConfiguration { + b.HTTPConfigApplyConfiguration.BasicAuth = value + return b +} + +// WithOAuth2 sets the OAuth2 field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the OAuth2 field is set to the value of the last call. 
+func (b *PodMetricsEndpointApplyConfiguration) WithOAuth2(value *OAuth2ApplyConfiguration) *PodMetricsEndpointApplyConfiguration { + b.HTTPConfigApplyConfiguration.OAuth2 = value + return b +} + +// WithBearerTokenSecret sets the BearerTokenSecret field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the BearerTokenSecret field is set to the value of the last call. +func (b *PodMetricsEndpointApplyConfiguration) WithBearerTokenSecret(value corev1.SecretKeySelector) *PodMetricsEndpointApplyConfiguration { + b.HTTPConfigApplyConfiguration.BearerTokenSecret = &value + return b +} + +// WithTLSConfig sets the TLSConfig field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the TLSConfig field is set to the value of the last call. +func (b *PodMetricsEndpointApplyConfiguration) WithTLSConfig(value *SafeTLSConfigApplyConfiguration) *PodMetricsEndpointApplyConfiguration { + b.HTTPConfigApplyConfiguration.TLSConfig = value + return b +} + // WithProxyURL sets the ProxyURL field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the ProxyURL field is set to the value of the last call. 
@@ -257,22 +258,14 @@ func (b *PodMetricsEndpointApplyConfiguration) WithProxyConnectHeader(entries ma // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the FollowRedirects field is set to the value of the last call. func (b *PodMetricsEndpointApplyConfiguration) WithFollowRedirects(value bool) *PodMetricsEndpointApplyConfiguration { - b.FollowRedirects = &value + b.HTTPConfigApplyConfiguration.FollowRedirects = &value return b } -// WithEnableHttp2 sets the EnableHttp2 field in the declarative configuration to the given value +// WithEnableHTTP2 sets the EnableHTTP2 field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the EnableHttp2 field is set to the value of the last call. -func (b *PodMetricsEndpointApplyConfiguration) WithEnableHttp2(value bool) *PodMetricsEndpointApplyConfiguration { - b.EnableHttp2 = &value - return b -} - -// WithFilterRunning sets the FilterRunning field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the FilterRunning field is set to the value of the last call. -func (b *PodMetricsEndpointApplyConfiguration) WithFilterRunning(value bool) *PodMetricsEndpointApplyConfiguration { - b.FilterRunning = &value +// If called multiple times, the EnableHTTP2 field is set to the value of the last call. +func (b *PodMetricsEndpointApplyConfiguration) WithEnableHTTP2(value bool) *PodMetricsEndpointApplyConfiguration { + b.HTTPConfigApplyConfiguration.EnableHTTP2 = &value return b } diff --git a/pkg/prometheus/promcfg.go b/pkg/prometheus/promcfg.go index bded3c4cb..7037b7d29 100644 --- a/pkg/prometheus/promcfg.go +++ b/pkg/prometheus/promcfg.go 
@@ -859,6 +859,28 @@ func (cg *ConfigGenerator) addSafeTLStoYaml( return cg.AppendMapItem(cfg, "tls_config", safetlsConfig) } +func (cg *ConfigGenerator) addHTTPConfigToYAML( + cfg yaml.MapSlice, + store assets.StoreGetter, + httpConfig *monitoringv1.HTTPConfig, + scrapeClass monitoringv1.ScrapeClass, + +) yaml.MapSlice { + if httpConfig == nil { + return cfg + } + + if httpConfig.FollowRedirects != nil { + cfg = cg.WithMinimumVersion("2.26.0").AppendMapItem(cfg, "follow_redirects", *httpConfig.FollowRedirects) + } + + if httpConfig.EnableHTTP2 != nil { + cfg = cg.WithMinimumVersion("2.35.0").AppendMapItem(cfg, "enable_http2", *httpConfig.EnableHTTP2) + } + + return cg.addTLStoYaml(cfg, store, mergeSafeTLSConfigWithScrapeClass(httpConfig.TLSConfig, scrapeClass)) +} + func (cg *ConfigGenerator) addTLStoYaml( cfg yaml.MapSlice, store assets.StoreGetter, @@ -1349,20 +1371,14 @@ func (cg *ConfigGenerator) generatePodMonitorConfig( if ep.Scheme != "" { cfg = append(cfg, yaml.MapItem{Key: "scheme", Value: ep.Scheme}) } - if ep.FollowRedirects != nil { - cfg = cg.WithMinimumVersion("2.26.0").AppendMapItem(cfg, "follow_redirects", *ep.FollowRedirects) - } - if ep.EnableHttp2 != nil { - cfg = cg.WithMinimumVersion("2.35.0").AppendMapItem(cfg, "enable_http2", *ep.EnableHttp2) - } - cfg = cg.addTLStoYaml(cfg, s, mergeSafeTLSConfigWithScrapeClass(ep.TLSConfig, scrapeClass)) + cfg = cg.addHTTPConfigToYAML(cfg, s, &ep.HTTPConfig, scrapeClass) //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. - if ep.BearerTokenSecret.Name != "" { + if ep.BearerTokenSecret != nil && ep.BearerTokenSecret.Name != "" { cg.logger.Debug("'bearerTokenSecret' is deprecated, use 'authorization' instead.") - b, err := s.GetSecretKey(ep.BearerTokenSecret) + b, err := s.GetSecretKey(*ep.HTTPConfig.BearerTokenSecret) if err != nil { cg.logger.Error("invalid bearer token secret reference", "err", err) } else { 
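Review bot: `addHTTPConfigToYAML` renders only `follow_redirects`, `enable_http2` and `tls_config`, while the bearer token (visible below the call site in the next hunk) and, presumably, the other authentication fields of HTTPConfig are still emitted by the caller, so the name promises more than the function does; a doc comment should say so, e.g. `// addHTTPConfigToYAML appends the redirect, HTTP/2 and TLS settings of httpConfig to cfg; authentication settings are emitted by the caller.` The parameter list also has a stray blank line before the closing `) yaml.MapSlice`, which reads like a leftover. The `httpConfig == nil` guard is harmless, but the only call in this diff passes `&ep.HTTPConfig`, which can never be nil.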
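Review bot: The bearer-token block mixes promoted and explicit access to the same field — the condition reads `ep.BearerTokenSecret` while the lookup reads `*ep.HTTPConfig.BearerTokenSecret` — which invites the impression that two different fields are involved. Pick one form, e.g. `b, err := s.GetSecretKey(*ep.BearerTokenSecret)`. The added nil check is needed now that the field is a pointer, and the `//nolint:staticcheck` directive above the `if` should be confirmed to still cover the dereference on the lookup line. generatePodMonitorConfig begins and ends outside this hunk.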
diff --git a/pkg/prometheus/promcfg_test.go b/pkg/prometheus/promcfg_test.go index 661f9627a..c7910dbd0 100644 --- a/pkg/prometheus/promcfg_test.go +++ b/pkg/prometheus/promcfg_test.go @@ -2715,8 +2715,8 @@ func TestEndpointOAuth2(t *testing.T) { Spec: monitoringv1.PodMonitorSpec{ PodMetricsEndpoints: []monitoringv1.PodMetricsEndpoint{ { - Port: ptr.To("web"), - OAuth2: &oauth2, + Port: ptr.To("web"), + HTTPConfig: monitoringv1.HTTPConfig{OAuth2: &oauth2}, }, }, }, @@ -5245,9 +5245,9 @@ func TestPodMonitorEndpointFollowRedirects(t *testing.T) { Spec: monitoringv1.PodMonitorSpec{ PodMetricsEndpoints: []monitoringv1.PodMetricsEndpoint{ { - Port: ptr.To("web"), - Interval: "30s", - FollowRedirects: ptr.To(tc.followRedirects), + Port: ptr.To("web"), + Interval: "30s", + HTTPConfig: monitoringv1.HTTPConfig{FollowRedirects: ptr.To(tc.followRedirects)}, }, }, }, @@ -5426,9 +5426,9 @@ func TestPodMonitorEndpointEnableHttp2(t *testing.T) { Spec: monitoringv1.PodMonitorSpec{ PodMetricsEndpoints: []monitoringv1.PodMetricsEndpoint{ { - Port: ptr.To("web"), - Interval: "30s", - EnableHttp2: ptr.To(tc.enableHTTP2), + Port: ptr.To("web"), + Interval: "30s", + HTTPConfig: monitoringv1.HTTPConfig{EnableHTTP2: ptr.To(tc.enableHTTP2)}, }, }, }, diff --git a/pkg/prometheus/resource_selector.go b/pkg/prometheus/resource_selector.go index bbfb28183..128727ee0 100644 --- a/pkg/prometheus/resource_selector.go +++ b/pkg/prometheus/resource_selector.go 
@@ -529,29 +529,6 @@ func (rs *ResourceSelector) checkPodMonitor(ctx context.Context, pm *monitoringv for i, endpoint := range pm.Spec.PodMetricsEndpoints { epErr := fmt.Errorf("endpoint[%d]", i) - //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. - if endpoint.BearerTokenSecret.Name != "" && endpoint.BearerTokenSecret.Key != "" { - if _, err := rs.store.GetSecretKey(ctx, pm.GetNamespace(), endpoint.BearerTokenSecret); err != nil { - return fmt.Errorf("%w: bearerTokenSecret: %w", epErr, err) - } - } - - if err := rs.store.AddBasicAuth(ctx, pm.GetNamespace(), endpoint.BasicAuth); err != nil { - return fmt.Errorf("%w: basicAuth: %w", epErr, err) - } - - if err := rs.store.AddSafeTLSConfig(ctx, pm.GetNamespace(), endpoint.TLSConfig); err != nil { - return fmt.Errorf("%w: tlsConfig: %w", epErr, err) - } - - if err := rs.store.AddOAuth2(ctx, pm.GetNamespace(), endpoint.OAuth2); err != nil { - return fmt.Errorf("%w: oauth2: %w", epErr, err) - } - - if err := rs.store.AddSafeAuthorizationCredentials(ctx, pm.GetNamespace(), endpoint.Authorization); err != nil { - return fmt.Errorf("%w: authorization: %w", epErr, err) - } - if err := validateScrapeIntervalAndTimeout(rs.p, endpoint.Interval, endpoint.ScrapeTimeout); err != nil { return fmt.Errorf("%w: %w", epErr, err) } @@ -564,8 +541,8 @@ func (rs *ResourceSelector) checkPodMonitor(ctx context.Context, pm *monitoringv return fmt.Errorf("%w: metricRelabelConfigs: %w", epErr, err) } - if err := addProxyConfigToStore(ctx, endpoint.ProxyConfig, rs.store, pm.GetNamespace()); err != nil { - return fmt.Errorf("%w: proxyConfig: %w", epErr, err) + if err := rs.addHTTPConfigToStore(ctx, endpoint.HTTPConfig, pm.GetNamespace()); err != nil { + return fmt.Errorf("%w: %w", epErr, err) } } 
@@ -576,6 +553,44 @@ func (rs *ResourceSelector) checkPodMonitor(ctx context.Context, pm *monitoringv return nil } +func (rs *ResourceSelector) addHTTPConfigToStore( + ctx context.Context, + httpConfig monitoringv1.HTTPConfig, + namespace string) error { + if err := httpConfig.Validate(); err != nil { + return err + } + + //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. + if httpConfig.BearerTokenSecret != nil && httpConfig.BearerTokenSecret.Name != "" && httpConfig.BearerTokenSecret.Key != "" { + if _, err := rs.store.GetSecretKey(ctx, namespace, *httpConfig.BearerTokenSecret); err != nil { + return fmt.Errorf("bearerTokenSecret: %w", err) + } + } + + if err := rs.store.AddBasicAuth(ctx, namespace, httpConfig.BasicAuth); err != nil { + return fmt.Errorf("basicAuth: %w", err) + } + + if err := rs.store.AddSafeTLSConfig(ctx, namespace, httpConfig.TLSConfig); err != nil { + return fmt.Errorf("tlsConfig: %w", err) + } + + if err := rs.store.AddOAuth2(ctx, namespace, httpConfig.OAuth2); err != nil { + return fmt.Errorf("oauth2: %w", err) + } + + if err := rs.store.AddSafeAuthorizationCredentials(ctx, namespace, httpConfig.Authorization); err != nil { + return fmt.Errorf("authorization: %w", err) + } + + if err := addProxyConfigToStore(ctx, httpConfig.ProxyConfig, rs.store, namespace); err != nil { + return fmt.Errorf("proxyConfig: %w", err) + } + + return nil +} + // SelectProbes returns the probes matching the selectors specified in the Prometheus CR. // This function also populates authentication stores and performs // validations against scrape intervals, relabel configs and Probe URLs. diff --git a/pkg/prometheus/resource_selector_test.go b/pkg/prometheus/resource_selector_test.go index a9639c9a3..b492366b3 100644 --- a/pkg/prometheus/resource_selector_test.go +++ b/pkg/prometheus/resource_selector_test.go 
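Review bot: The bearerTokenSecret check in `addHTTPConfigToStore` verifies the secret only when both `Name` and `Key` are set, while `generatePodMonitorConfig` in promcfg.go (also in this diff) uses the reference whenever `Name` is non-empty — so a reference with a name and an empty key passes validation here and fails only at config-generation time with a logged error. Aligning the condition, `if httpConfig.BearerTokenSecret != nil && httpConfig.BearerTokenSecret.Name != "" {`, would surface the misconfiguration as a validation error on the PodMonitor instead; whether `GetSecretKey` rejects an empty key needs confirming. The function also lacks a doc comment; suggested: `// addHTTPConfigToStore validates httpConfig and registers the secrets it references (bearer token, basic auth, TLS, OAuth2, authorization, proxy headers) in the store for namespace.` The closing `namespace string) error {` on the last parameter line differs from the one-parameter-per-line style used by addHTTPConfigToYAML in this same diff.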
@@ -1613,17 +1613,19 @@ func TestSelectPodMonitors(t *testing.T) { scenario: "valid proxy config", updateSpec: func(pm *monitoringv1.PodMonitorSpec) { pm.PodMetricsEndpoints = append(pm.PodMetricsEndpoints, monitoringv1.PodMetricsEndpoint{ - ProxyConfig: monitoringv1.ProxyConfig{ - ProxyURL: ptr.To("http://no-proxy.com"), - NoProxy: ptr.To("0.0.0.0"), - ProxyFromEnvironment: ptr.To(false), - ProxyConnectHeader: map[string][]v1.SecretKeySelector{ - "header": { - { - LocalObjectReference: v1.LocalObjectReference{ - Name: "secret", + HTTPConfig: monitoringv1.HTTPConfig{ + ProxyConfig: monitoringv1.ProxyConfig{ + ProxyURL: ptr.To("http://no-proxy.com"), + NoProxy: ptr.To("0.0.0.0"), + ProxyFromEnvironment: ptr.To(false), + ProxyConnectHeader: map[string][]v1.SecretKeySelector{ + "header": { + { + LocalObjectReference: v1.LocalObjectReference{ + Name: "secret", + }, + Key: "key1", }, - Key: "key1", }, }, }, @@ -1636,17 +1638,19 @@ func TestSelectPodMonitors(t *testing.T) { scenario: "invalid proxy config with invalid secret key", updateSpec: func(pm *monitoringv1.PodMonitorSpec) { pm.PodMetricsEndpoints = append(pm.PodMetricsEndpoints, monitoringv1.PodMetricsEndpoint{ - ProxyConfig: monitoringv1.ProxyConfig{ - ProxyURL: ptr.To("http://no-proxy.com"), - NoProxy: ptr.To("0.0.0.0"), - ProxyFromEnvironment: ptr.To(false), - ProxyConnectHeader: map[string][]v1.SecretKeySelector{ - "header": { - { - LocalObjectReference: v1.LocalObjectReference{ - Name: "secret", + HTTPConfig: monitoringv1.HTTPConfig{ + ProxyConfig: monitoringv1.ProxyConfig{ + ProxyURL: ptr.To("http://no-proxy.com"), + NoProxy: ptr.To("0.0.0.0"), + ProxyFromEnvironment: ptr.To(false), + ProxyConnectHeader: map[string][]v1.SecretKeySelector{ + "header": { + { + LocalObjectReference: v1.LocalObjectReference{ + Name: "secret", + }, + Key: "invalid_key", }, - Key: "invalid_key", }, }, }, 
@@ -1659,17 +1663,19 @@ func TestSelectPodMonitors(t *testing.T) { scenario: "invalid proxy config due to invalid proxy url", updateSpec: func(pm *monitoringv1.PodMonitorSpec) { pm.PodMetricsEndpoints = append(pm.PodMetricsEndpoints, monitoringv1.PodMetricsEndpoint{ - ProxyConfig: monitoringv1.ProxyConfig{ - ProxyURL: ptr.To("http://xxx-${dev}.svc.cluster.local:80"), - NoProxy: ptr.To("0.0.0.0"), - ProxyFromEnvironment: ptr.To(false), - ProxyConnectHeader: map[string][]v1.SecretKeySelector{ - "header": { - { - LocalObjectReference: v1.LocalObjectReference{ - Name: "secret", + HTTPConfig: monitoringv1.HTTPConfig{ + ProxyConfig: monitoringv1.ProxyConfig{ + ProxyURL: ptr.To("http://xxx-${dev}.svc.cluster.local:80"), + NoProxy: ptr.To("0.0.0.0"), + ProxyFromEnvironment: ptr.To(false), + ProxyConnectHeader: map[string][]v1.SecretKeySelector{ + "header": { + { + LocalObjectReference: v1.LocalObjectReference{ + Name: "secret", + }, + Key: "key1", }, - Key: "key1", }, }, }, @@ -1682,16 +1688,18 @@ func TestSelectPodMonitors(t *testing.T) { scenario: "invalid proxy config with noProxy defined but proxy from environment set to true", updateSpec: func(pm *monitoringv1.PodMonitorSpec) { pm.PodMetricsEndpoints = append(pm.PodMetricsEndpoints, monitoringv1.PodMetricsEndpoint{ - ProxyConfig: monitoringv1.ProxyConfig{ - NoProxy: ptr.To("0.0.0.0"), - ProxyFromEnvironment: ptr.To(true), - ProxyConnectHeader: map[string][]v1.SecretKeySelector{ - "header": { - { - LocalObjectReference: v1.LocalObjectReference{ - Name: "secret", + HTTPConfig: monitoringv1.HTTPConfig{ + ProxyConfig: monitoringv1.ProxyConfig{ + NoProxy: ptr.To("0.0.0.0"), + ProxyFromEnvironment: ptr.To(true), + ProxyConnectHeader: map[string][]v1.SecretKeySelector{ + "header": { + { + LocalObjectReference: v1.LocalObjectReference{ + Name: "secret", + }, + Key: "key1", }, - Key: "key1", }, }, }, 
@@ -1704,16 +1712,18 @@ func TestSelectPodMonitors(t *testing.T) { scenario: "invalid proxy config with proxy url defined but proxy from environment set to true", updateSpec: func(pm *monitoringv1.PodMonitorSpec) { pm.PodMetricsEndpoints = append(pm.PodMetricsEndpoints, monitoringv1.PodMetricsEndpoint{ - ProxyConfig: monitoringv1.ProxyConfig{ - ProxyURL: ptr.To("http://no-proxy.com"), - ProxyFromEnvironment: ptr.To(true), - ProxyConnectHeader: map[string][]v1.SecretKeySelector{ - "header": { - { - LocalObjectReference: v1.LocalObjectReference{ - Name: "secret", + HTTPConfig: monitoringv1.HTTPConfig{ + ProxyConfig: monitoringv1.ProxyConfig{ + ProxyURL: ptr.To("http://no-proxy.com"), + ProxyFromEnvironment: ptr.To(true), + ProxyConnectHeader: map[string][]v1.SecretKeySelector{ + "header": { + { + LocalObjectReference: v1.LocalObjectReference{ + Name: "secret", + }, + Key: "key1", }, - Key: "key1", }, }, }, @@ -1726,14 +1736,16 @@ func TestSelectPodMonitors(t *testing.T) { scenario: "invalid proxy config only with proxy connect header defined", updateSpec: func(pm *monitoringv1.PodMonitorSpec) { pm.PodMetricsEndpoints = append(pm.PodMetricsEndpoints, monitoringv1.PodMetricsEndpoint{ - ProxyConfig: monitoringv1.ProxyConfig{ - ProxyConnectHeader: map[string][]v1.SecretKeySelector{ - "header": { - { - LocalObjectReference: v1.LocalObjectReference{ - Name: "secret", + HTTPConfig: monitoringv1.HTTPConfig{ + ProxyConfig: monitoringv1.ProxyConfig{ + ProxyConnectHeader: map[string][]v1.SecretKeySelector{ + "header": { + { + LocalObjectReference: v1.LocalObjectReference{ + Name: "secret", + }, + Key: "key1", }, - Key: "key1", }, }, }, 
@@ -4891,3 +4903,147 @@ func TestSelectScrapeConfigs(t *testing.T) { }) } } + +func TestSelectPodMonitorsWithInvalidAuthentication(t *testing.T) { + storeBuilder := assets.NewTestStoreBuilder( + &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "foo", + Namespace: "default", + }, + Data: map[string][]byte{ + "secret": []byte("xxx"), + }, + }, + ) + secretKey := v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "foo", + }, + Key: "secret", + } + + for _, tc := range []struct { + name string + updateFunc func(pe *monitoringv1.PodMetricsEndpoint) + }{ + { + name: "duplicate bearerTokenSecret and authorization", + updateFunc: func(pe *monitoringv1.PodMetricsEndpoint) { + pe.BearerTokenSecret = &secretKey + pe.Authorization = &monitoringv1.SafeAuthorization{ + Credentials: &secretKey, + } + }, + }, + { + name: "duplicate bearerTokenSecret and basicAuth", + updateFunc: func(pe *monitoringv1.PodMetricsEndpoint) { + pe.BearerTokenSecret = &secretKey + pe.BasicAuth = &monitoringv1.BasicAuth{ + Username: secretKey, + Password: secretKey, + } + }, + }, + { + name: "duplicate bearerTokenSecret and oauth2", + updateFunc: func(pe *monitoringv1.PodMetricsEndpoint) { + pe.BearerTokenSecret = &secretKey + pe.OAuth2 = &monitoringv1.OAuth2{ + ClientID: monitoringv1.SecretOrConfigMap{ + Secret: &secretKey, + }, + ClientSecret: secretKey, + TokenURL: "http://example.com", + } + }, + }, + { + name: "duplicate authorization and basicAuth", + updateFunc: func(pe *monitoringv1.PodMetricsEndpoint) { + pe.Authorization = &monitoringv1.SafeAuthorization{ + Credentials: &secretKey, + } + pe.BasicAuth = &monitoringv1.BasicAuth{ + Username: secretKey, + Password: secretKey, + } + }, + }, + { + name: "duplicate authorization and oauth2", + updateFunc: func(pe *monitoringv1.PodMetricsEndpoint) { + pe.Authorization = &monitoringv1.SafeAuthorization{ + Credentials: &secretKey, + } + pe.OAuth2 = &monitoringv1.OAuth2{ + ClientID: monitoringv1.SecretOrConfigMap{ + 
Secret: &secretKey, + }, + ClientSecret: secretKey, + TokenURL: "http://example.com", + } + }, + }, + { + name: "duplicate basicAuth and oauth2", + updateFunc: func(pe *monitoringv1.PodMetricsEndpoint) { + pe.BasicAuth = &monitoringv1.BasicAuth{ + Username: secretKey, + Password: secretKey, + } + pe.OAuth2 = &monitoringv1.OAuth2{ + ClientID: monitoringv1.SecretOrConfigMap{ + Secret: &secretKey, + }, + ClientSecret: secretKey, + TokenURL: "http://example.com", + } + }, + }, + } { + t.Run(tc.name, func(t *testing.T) { + p := defaultPrometheus() + + pme := monitoringv1.PodMetricsEndpoint{ + Port: ptr.To("web"), + Interval: "30s", + } + tc.updateFunc(&pme) + pm := &monitoringv1.PodMonitor{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test", + Namespace: "default", + Labels: map[string]string{ + "group": "group1", + }, + }, + Spec: monitoringv1.PodMonitorSpec{ + PodMetricsEndpoints: []monitoringv1.PodMetricsEndpoint{pme}, + }, + } + + rs, err := NewResourceSelector( + newLogger(), + p, + storeBuilder, + nil, + operator.NewMetrics(prometheus.NewPedanticRegistry()), + operator.NewFakeRecorder(1, p), + ) + require.NoError(t, err) + + pms, err := rs.SelectPodMonitors(context.Background(), func(_ string, _ labels.Selector, appendFn cache.AppendFunc) error { + appendFn(pm) + return nil + }) + + require.NoError(t, err) + require.Len(t, pms, 1) + + valid := pms.ValidResources() + require.Empty(t, valid) + }) + } +} diff --git a/test/e2e/prometheus_test.go b/test/e2e/prometheus_test.go index e899818e8..81cce797c 100644 --- a/test/e2e/prometheus_test.go +++ b/test/e2e/prometheus_test.go 
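Review bot: `TestSelectPodMonitorsWithInvalidAuthentication` only asserts that no valid resource remains (`require.Empty(t, valid)`), so it cannot distinguish a rejection caused by the conflicting-authentication rule from one caused by something else, such as a failed secret lookup. If the returned resource set exposes the rejection reason, assert that it names the two conflicting fields; otherwise a companion case with a single authentication method that must be accepted would at least show the fixture itself is valid. The test's first lines are on the previous physical line of this diff.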
@@ -3503,18 +3503,20 @@ func testPromSecurePodMonitor(t *testing.T) { name: "basic-auth-secret", endpoint: monitoringv1.PodMetricsEndpoint{ Port: ptr.To("web"), - BasicAuth: &monitoringv1.BasicAuth{ - Username: v1.SecretKeySelector{ - LocalObjectReference: v1.LocalObjectReference{ - Name: name, + HTTPConfig: monitoringv1.HTTPConfig{ + BasicAuth: &monitoringv1.BasicAuth{ + Username: v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: name, + }, + Key: "user", }, - Key: "user", - }, - Password: v1.SecretKeySelector{ - LocalObjectReference: v1.LocalObjectReference{ - Name: name, + Password: v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: name, + }, + Key: "password", }, - Key: "password", }, }, }, @@ -3526,11 +3528,13 @@ func testPromSecurePodMonitor(t *testing.T) { name: "bearer-secret", endpoint: monitoringv1.PodMetricsEndpoint{ Port: ptr.To("web"), - BearerTokenSecret: v1.SecretKeySelector{ - LocalObjectReference: v1.LocalObjectReference{ - Name: name, + HTTPConfig: monitoringv1.HTTPConfig{ + BearerTokenSecret: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: name, + }, + Key: "bearer-token", }, - Key: "bearer-token", }, Path: "/bearer-metrics", }, 
@@ -3543,30 +3547,32 @@ func testPromSecurePodMonitor(t *testing.T) { endpoint: monitoringv1.PodMetricsEndpoint{ Port: ptr.To("mtls"), Scheme: "https", - TLSConfig: &monitoringv1.SafeTLSConfig{ - InsecureSkipVerify: ptr.To(true), - CA: monitoringv1.SecretOrConfigMap{ - Secret: &v1.SecretKeySelector{ + HTTPConfig: monitoringv1.HTTPConfig{ + TLSConfig: &monitoringv1.SafeTLSConfig{ + InsecureSkipVerify: ptr.To(true), + CA: monitoringv1.SecretOrConfigMap{ + Secret: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: name, + }, + Key: "cert.pem", + }, + }, + Cert: monitoringv1.SecretOrConfigMap{ + Secret: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: name, + }, + Key: "cert.pem", + }, + }, + KeySecret: &v1.SecretKeySelector{ LocalObjectReference: v1.LocalObjectReference{ Name: name, }, - Key: "cert.pem", + Key: "key.pem", }, }, - Cert: monitoringv1.SecretOrConfigMap{ - Secret: &v1.SecretKeySelector{ - LocalObjectReference: v1.LocalObjectReference{ - Name: name, - }, - Key: "cert.pem", - }, - }, - KeySecret: &v1.SecretKeySelector{ - LocalObjectReference: v1.LocalObjectReference{ - Name: name, - }, - Key: "key.pem", - }, }, Path: "/", }, 
@@ -3576,30 +3582,32 @@ func testPromSecurePodMonitor(t *testing.T) { endpoint: monitoringv1.PodMetricsEndpoint{ Port: ptr.To("mtls"), Scheme: "https", - TLSConfig: &monitoringv1.SafeTLSConfig{ - InsecureSkipVerify: ptr.To(true), - CA: monitoringv1.SecretOrConfigMap{ - ConfigMap: &v1.ConfigMapKeySelector{ + HTTPConfig: monitoringv1.HTTPConfig{ + TLSConfig: &monitoringv1.SafeTLSConfig{ + InsecureSkipVerify: ptr.To(true), + CA: monitoringv1.SecretOrConfigMap{ + ConfigMap: &v1.ConfigMapKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: name, + }, + Key: "cert.pem", + }, + }, + Cert: monitoringv1.SecretOrConfigMap{ + ConfigMap: &v1.ConfigMapKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: name, + }, + Key: "cert.pem", + }, + }, + KeySecret: &v1.SecretKeySelector{ LocalObjectReference: v1.LocalObjectReference{ Name: name, }, - Key: "cert.pem", + Key: "key.pem", }, }, - Cert: monitoringv1.SecretOrConfigMap{ - ConfigMap: &v1.ConfigMapKeySelector{ - LocalObjectReference: v1.LocalObjectReference{ - Name: name, - }, - Key: "cert.pem", - }, - }, - KeySecret: &v1.SecretKeySelector{ - LocalObjectReference: v1.LocalObjectReference{ - Name: name, - }, - Key: "key.pem", - }, }, Path: "/", },