From ca5bf4a1190c1571a3fca71e18c39145487d0120 Mon Sep 17 00:00:00 2001 From: Simon Pasquier Date: Fri, 10 Oct 2025 12:40:46 +0200 Subject: [PATCH] feat: unify HTTP configuration for Probe CRD Signed-off-by: Simon Pasquier --- Documentation/api-reference/api.md | 568 ++++++++++++------ bundle.yaml | 42 +- .../monitoring.coreos.com_probes.yaml | 42 +- .../monitoring.coreos.com_probes.yaml | 42 +- jsonnet/prometheus-operator/probes-crd.json | 18 +- pkg/alertmanager/amcfg.go | 18 +- pkg/alertmanager/amcfg_test.go | 174 +++--- pkg/alertmanager/validation/v1/validation.go | 2 +- pkg/apis/monitoring/v1/alertmanager_types.go | 2 +- pkg/apis/monitoring/v1/http_config.go | 25 +- pkg/apis/monitoring/v1/podmonitor_types.go | 2 +- pkg/apis/monitoring/v1/probe_types.go | 26 +- pkg/apis/monitoring/v1/probe_types_test.go | 4 +- .../monitoring/v1/zz_generated.deepcopy.go | 43 +- .../monitoring/v1/alertmanagerglobalconfig.go | 34 +- .../monitoring/v1/httpconfig.go | 53 +- .../monitoring/v1/httpconfigwithproxy.go | 128 ++++ .../monitoring/v1/podmetricsendpoint.go | 62 +- .../monitoring/v1/probespec.go | 85 +-- pkg/client/applyconfiguration/utils.go | 2 + pkg/prometheus/promcfg.go | 4 +- pkg/prometheus/promcfg_test.go | 26 +- pkg/prometheus/resource_selector.go | 8 +- pkg/prometheus/resource_selector_test.go | 12 +- test/e2e/alertmanager_test.go | 34 +- test/e2e/prometheus_test.go | 120 ++-- 26 files changed, 1007 insertions(+), 569 deletions(-) create mode 100644 pkg/client/applyconfiguration/monitoring/v1/httpconfigwithproxy.go diff --git a/Documentation/api-reference/api.md b/Documentation/api-reference/api.md index 820d4b9b9..6a792bb82 100644 --- a/Documentation/api-reference/api.md +++ b/Documentation/api-reference/api.md @@ -1534,65 +1534,6 @@ The value cannot be greater than the scrape interval otherwise the operator will -tlsConfig
- - -SafeTLSConfig - - - - -(Optional) -

tlsConfig defines the TLS configuration to use when scraping the endpoint.

- - - - -bearerTokenSecret
- - -Kubernetes core/v1.SecretKeySelector - - - - -(Optional) -

bearerTokenSecret defines the secret to mount to read bearer token for scraping targets. The secret -needs to be in the same namespace as the probe and accessible by -the Prometheus Operator.

- - - - -basicAuth
- - -BasicAuth - - - - -(Optional) -

basicAuth allow an endpoint to authenticate over basic authentication. -More info: https://prometheus.io/docs/operating/configuration/#endpoint

- - - - -oauth2
- - -OAuth2 - - - - -(Optional) -

oauth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer.

- - - - metricRelabelings
@@ -1813,6 +1754,112 @@ Please note that the .spec.module field takes precedence over the < The module name must be added using Module under ProbeSpec.

+ + +authorization
+ + +SafeAuthorization + + + + +(Optional) +

authorization configures the Authorization header credentials used by +the client.

+

Cannot be set at the same time as basicAuth, bearerTokenSecret or oauth2.

+ + + + +basicAuth
+ + +BasicAuth + + + + +(Optional) +

basicAuth defines the Basic Authentication credentials used by the +client.

+

Cannot be set at the same time as authorization, bearerTokenSecret or oauth2.

+ + + + +oauth2
+ + +OAuth2 + + + + +(Optional) +

oauth2 defines the OAuth2 settings used by the client.

+

It requires Prometheus >= 2.27.0.

+

Cannot be set at the same time as authorization, basicAuth or bearerTokenSecret.

+ + + + +bearerTokenSecret
+ + +Kubernetes core/v1.SecretKeySelector + + + + +(Optional) +

bearerTokenSecret defines a key of a Secret containing the bearer token +used by the client for authentication. The secret needs to be in the +same namespace as the custom resource and readable by the Prometheus +Operator.

+

Cannot be set at the same time as authorization, basicAuth or oauth2.

+

Deprecated: use authorization instead.

+ + + + +tlsConfig
+ + +SafeTLSConfig + + + + +(Optional) +

tlsConfig defines the TLS configuration used by the client.

+ + + + +followRedirects
+ +bool + + + +(Optional) +

followRedirects defines whether the client should follow HTTP 3xx +redirects.

+ + + + +enableHttp2
+ +bool + + + +(Optional) +

enableHttp2 can be used to disable HTTP2.

+ + @@ -6178,8 +6225,8 @@ This has no impact on alerts from Prometheus, as they always include EndsAt.

httpConfig
- -HTTPConfig + +HTTPConfigWithProxy @@ -7781,7 +7828,7 @@ string

BasicAuth

-(Appears on:APIServerConfig, AlertmanagerEndpoints, Endpoint, HTTPConfig, ProbeSpec, RemoteReadSpec, RemoteWriteSpec, AzureSDConfig, ConsulSDConfig, DockerSDConfig, DockerSwarmSDConfig, EurekaSDConfig, HTTPConfig, HTTPSDConfig, HetznerSDConfig, KubernetesSDConfig, KumaSDConfig, LightSailSDConfig, NomadSDConfig, PuppetDBSDConfig, ScrapeConfigSpec, HTTPConfig) +(Appears on:APIServerConfig, AlertmanagerEndpoints, Endpoint, HTTPConfig, RemoteReadSpec, RemoteWriteSpec, AzureSDConfig, ConsulSDConfig, DockerSDConfig, DockerSwarmSDConfig, EurekaSDConfig, HTTPConfig, HTTPSDConfig, HetznerSDConfig, KubernetesSDConfig, KumaSDConfig, LightSailSDConfig, NomadSDConfig, PuppetDBSDConfig, ScrapeConfigSpec, HTTPConfig)

BasicAuth configures HTTP Basic Authentication settings.

@@ -11197,7 +11244,7 @@ Examples: 45ms, 30s, 1m, 1h20m15sHTTPConfig

-(Appears on:AlertmanagerGlobalConfig, PodMetricsEndpoint) +(Appears on:HTTPConfigWithProxy, ProbeSpec)

HTTPConfig defines the configuration for the HTTP client.

@@ -11293,6 +11340,155 @@ SafeTLSConfig +followRedirects
+ +bool + + + +(Optional) +

followRedirects defines whether the client should follow HTTP 3xx +redirects.

+ + + + +enableHttp2
+ +bool + + + +(Optional) +

enableHttp2 can be used to disable HTTP2.

+ + + + +

HTTPConfigWithProxy +

+

+(Appears on:AlertmanagerGlobalConfig, PodMetricsEndpoint) +

+
+

HTTPConfigWithProxy defines the configuration for the HTTP client with proxy configuration.

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - -
FieldDescription
+authorization
+ + +SafeAuthorization + + +		 +(Optional) +

authorization configures the Authorization header credentials used by +the client.

+

Cannot be set at the same time as basicAuth, bearerTokenSecret or oauth2.

+
+basicAuth
+ + +BasicAuth + + +		 +(Optional) +

basicAuth defines the Basic Authentication credentials used by the +client.

+

Cannot be set at the same time as authorization, bearerTokenSecret or oauth2.

+
+oauth2
+ + +OAuth2 + + +		 +(Optional) +

oauth2 defines the OAuth2 settings used by the client.

+

It requires Prometheus >= 2.27.0.

+

Cannot be set at the same time as authorization, basicAuth or bearerTokenSecret.

+
+bearerTokenSecret
+ + +Kubernetes core/v1.SecretKeySelector + + +		 +(Optional) +

bearerTokenSecret defines a key of a Secret containing the bearer token +used by the client for authentication. The secret needs to be in the +same namespace as the custom resource and readable by the Prometheus +Operator.

+

Cannot be set at the same time as authorization, basicAuth or oauth2.

+

Deprecated: use authorization instead.

+
+tlsConfig
+ + +SafeTLSConfig + + +		 +(Optional) +

tlsConfig defines the TLS configuration used by the client.

+
+followRedirects
+ +bool + +		 +(Optional) +

followRedirects defines whether the client should follow HTTP 3xx +redirects.

+
+enableHttp2
+ +bool + +		 +(Optional) +

enableHttp2 can be used to disable HTTP2.

+
proxyUrl
string @@ -11347,31 +11543,6 @@ proxies during CONNECT requests.

It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.
-followRedirects
- -bool - -		 -(Optional) -

followRedirects defines whether the client should follow HTTP 3xx -redirects.

-
-enableHttp2
- -bool - -		 -(Optional) -

enableHttp2 can be used to disable HTTP2.

-

HostAlias @@ -11752,7 +11923,7 @@ Examples: 30s, 1m, 1h20m15s, 15dOAuth2

-(Appears on:Endpoint, HTTPConfig, ProbeSpec, RemoteReadSpec, RemoteWriteSpec, AzureSDConfig, ConsulSDConfig, DigitalOceanSDConfig, DockerSDConfig, DockerSwarmSDConfig, EurekaSDConfig, HTTPConfig, HTTPSDConfig, HetznerSDConfig, IonosSDConfig, KubernetesSDConfig, KumaSDConfig, LightSailSDConfig, LinodeSDConfig, NomadSDConfig, PuppetDBSDConfig, ScrapeConfigSpec, HTTPConfig) +(Appears on:Endpoint, HTTPConfig, RemoteReadSpec, RemoteWriteSpec, AzureSDConfig, ConsulSDConfig, DigitalOceanSDConfig, DockerSDConfig, DockerSwarmSDConfig, EurekaSDConfig, HTTPConfig, HTTPSDConfig, HetznerSDConfig, IonosSDConfig, KubernetesSDConfig, KumaSDConfig, LightSailSDConfig, LinodeSDConfig, NomadSDConfig, PuppetDBSDConfig, ScrapeConfigSpec, HTTPConfig)

OAuth2 configures OAuth2 settings.

@@ -12498,6 +12669,31 @@ SafeTLSConfig +followRedirects
+ +bool + + + +(Optional) +

followRedirects defines whether the client should follow HTTP 3xx +redirects.

+ + + + +enableHttp2
+ +bool + + + +(Optional) +

enableHttp2 can be used to disable HTTP2.

+ + + + proxyUrl
string @@ -12552,31 +12748,6 @@ proxies during CONNECT requests.

It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.

- - -followRedirects
- -bool - - - -(Optional) -

followRedirects defines whether the client should follow HTTP 3xx -redirects.

- - - - -enableHttp2
- -bool - - - -(Optional) -

enableHttp2 can be used to disable HTTP2.

- -

PodMonitorSpec @@ -13046,65 +13217,6 @@ The value cannot be greater than the scrape interval otherwise the operator will -tlsConfig
- - -SafeTLSConfig - - - - -(Optional) -

tlsConfig defines the TLS configuration to use when scraping the endpoint.

- - - - -bearerTokenSecret
- - -Kubernetes core/v1.SecretKeySelector - - - - -(Optional) -

bearerTokenSecret defines the secret to mount to read bearer token for scraping targets. The secret -needs to be in the same namespace as the probe and accessible by -the Prometheus Operator.

- - - - -basicAuth
- - -BasicAuth - - - - -(Optional) -

basicAuth allow an endpoint to authenticate over basic authentication. -More info: https://prometheus.io/docs/operating/configuration/#endpoint

- - - - -oauth2
- - -OAuth2 - - - - -(Optional) -

oauth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer.

- - - - metricRelabelings
@@ -13325,6 +13437,112 @@ Please note that the .spec.module field takes precedence over the < The module name must be added using Module under ProbeSpec.

+ + +authorization
+ + +SafeAuthorization + + + + +(Optional) +

authorization configures the Authorization header credentials used by +the client.

+

Cannot be set at the same time as basicAuth, bearerTokenSecret or oauth2.

+ + + + +basicAuth
+ + +BasicAuth + + + + +(Optional) +

basicAuth defines the Basic Authentication credentials used by the +client.

+

Cannot be set at the same time as authorization, bearerTokenSecret or oauth2.

+ + + + +oauth2
+ + +OAuth2 + + + + +(Optional) +

oauth2 defines the OAuth2 settings used by the client.

+

It requires Prometheus >= 2.27.0.

+

Cannot be set at the same time as authorization, basicAuth or bearerTokenSecret.

+ + + + +bearerTokenSecret
+ + +Kubernetes core/v1.SecretKeySelector + + + + +(Optional) +

bearerTokenSecret defines a key of a Secret containing the bearer token +used by the client for authentication. The secret needs to be in the +same namespace as the custom resource and readable by the Prometheus +Operator.

+

Cannot be set at the same time as authorization, basicAuth or oauth2.

+

Deprecated: use authorization instead.

+ + + + +tlsConfig
+ + +SafeTLSConfig + + + + +(Optional) +

tlsConfig defines the TLS configuration used by the client.

+ + + + +followRedirects
+ +bool + + + +(Optional) +

followRedirects defines whether the client should follow HTTP 3xx +redirects.

+ + + + +enableHttp2
+ +bool + + + +(Optional) +

enableHttp2 can be used to disable HTTP2.

+ +

ProbeTargetIngress @@ -16034,7 +16252,7 @@ A zero value means that Prometheus doesn’t accept any incoming connection.

ProxyConfig

-(Appears on:APIServerConfig, AlertmanagerEndpoints, Endpoint, HTTPConfig, OAuth2, ProberSpec, RemoteReadSpec, RemoteWriteSpec, AzureSDConfig, ConsulSDConfig, DigitalOceanSDConfig, DockerSDConfig, DockerSwarmSDConfig, EC2SDConfig, EurekaSDConfig, HTTPConfig, HTTPSDConfig, HetznerSDConfig, IonosSDConfig, KubernetesSDConfig, KumaSDConfig, LightSailSDConfig, LinodeSDConfig, NomadSDConfig, PuppetDBSDConfig, ScalewaySDConfig, ScrapeConfigSpec, HTTPConfig) +(Appears on:APIServerConfig, AlertmanagerEndpoints, Endpoint, HTTPConfigWithProxy, OAuth2, ProberSpec, RemoteReadSpec, RemoteWriteSpec, AzureSDConfig, ConsulSDConfig, DigitalOceanSDConfig, DockerSDConfig, DockerSwarmSDConfig, EC2SDConfig, EurekaSDConfig, HTTPConfig, HTTPSDConfig, HetznerSDConfig, IonosSDConfig, KubernetesSDConfig, KumaSDConfig, LightSailSDConfig, LinodeSDConfig, NomadSDConfig, PuppetDBSDConfig, ScalewaySDConfig, ScrapeConfigSpec, HTTPConfig)

@@ -17572,7 +17790,7 @@ Kubernetes core/v1.SecretKeySelector

SafeTLSConfig

-(Appears on:ClusterTLSConfig, GlobalSMTPConfig, HTTPConfig, OAuth2, ProbeSpec, TLSConfig, AzureSDConfig, ConsulSDConfig, DigitalOceanSDConfig, DockerSDConfig, DockerSwarmSDConfig, EC2SDConfig, EmailConfig, EurekaSDConfig, HTTPConfig, HTTPSDConfig, HetznerSDConfig, IonosSDConfig, KubernetesSDConfig, KumaSDConfig, LightSailSDConfig, LinodeSDConfig, NomadSDConfig, OpenStackSDConfig, PuppetDBSDConfig, ScalewaySDConfig, ScrapeConfigSpec, EmailConfig, HTTPConfig) +(Appears on:ClusterTLSConfig, GlobalSMTPConfig, HTTPConfig, OAuth2, TLSConfig, AzureSDConfig, ConsulSDConfig, DigitalOceanSDConfig, DockerSDConfig, DockerSwarmSDConfig, EC2SDConfig, EmailConfig, EurekaSDConfig, HTTPConfig, HTTPSDConfig, HetznerSDConfig, IonosSDConfig, KubernetesSDConfig, KumaSDConfig, LightSailSDConfig, LinodeSDConfig, NomadSDConfig, OpenStackSDConfig, PuppetDBSDConfig, ScalewaySDConfig, ScrapeConfigSpec, EmailConfig, HTTPConfig)

SafeTLSConfig specifies safe TLS configuration parameters.

diff --git a/bundle.yaml b/bundle.yaml index 3316c49c6..7d3ca8a66 100644 --- a/bundle.yaml +++ b/bundle.yaml @@ -23379,7 +23379,11 @@ spec: for target discovery by Prometheus. properties: authorization: - description: authorization section for this endpoint + description: |- + authorization configures the Authorization header credentials used by + the client. + + Cannot be set at the same time as `basicAuth`, `bearerTokenSecret` or `oauth2`. properties: credentials: description: credentials defines a key of a Secret in the namespace @@ -23417,8 +23421,10 @@ spec: type: object basicAuth: description: |- - basicAuth allow an endpoint to authenticate over basic authentication. - More info: https://prometheus.io/docs/operating/configuration/#endpoint + basicAuth defines the Basic Authentication credentials used by the + client. + + Cannot be set at the same time as `authorization`, `bearerTokenSecret` or `oauth2`. properties: password: description: |- @@ -23475,9 +23481,14 @@ spec: type: object bearerTokenSecret: description: |- - bearerTokenSecret defines the secret to mount to read bearer token for scraping targets. The secret - needs to be in the same namespace as the probe and accessible by - the Prometheus Operator. + bearerTokenSecret defines a key of a Secret containing the bearer token + used by the client for authentication. The secret needs to be in the + same namespace as the custom resource and readable by the Prometheus + Operator. + + Cannot be set at the same time as `authorization`, `basicAuth` or `oauth2`. + + Deprecated: use `authorization` instead. properties: key: description: The key of the secret to select from. Must be a @@ -23504,6 +23515,9 @@ spec: convertClassicHistogramsToNHCB defines whether to convert all scraped classic histograms into a native histogram with custom buckets. It requires Prometheus >= v3.0.0. type: boolean + enableHttp2: + description: enableHttp2 can be used to disable HTTP2. + type: boolean fallbackScrapeProtocol: description: |- fallbackScrapeProtocol defines the protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. @@ -23516,6 +23530,11 @@ spec: - PrometheusText0.0.4 - PrometheusText1.0.0 type: string + followRedirects: + description: |- + followRedirects defines whether the client should follow HTTP 3xx + redirects. + type: boolean interval: description: |- interval at which targets are probed using the configured prober. @@ -23663,8 +23682,12 @@ spec: pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true oauth2: - description: oauth2 for the URL. Only valid in Prometheus versions - 2.27.0 and newer. + description: |- + oauth2 defines the OAuth2 settings used by the client. + + It requires Prometheus >= 2.27.0. + + Cannot be set at the same time as `authorization`, `basicAuth` or `bearerTokenSecret`. properties: clientId: description: |- @@ -24434,8 +24457,7 @@ spec: type: object type: object tlsConfig: - description: tlsConfig defines the TLS configuration to use when scraping - the endpoint. + description: tlsConfig defines the TLS configuration used by the client. properties: ca: description: ca defines the Certificate authority used when verifying diff --git a/example/prometheus-operator-crd-full/monitoring.coreos.com_probes.yaml b/example/prometheus-operator-crd-full/monitoring.coreos.com_probes.yaml index 86ad94b44..21a900fed 100644 --- a/example/prometheus-operator-crd-full/monitoring.coreos.com_probes.yaml +++ b/example/prometheus-operator-crd-full/monitoring.coreos.com_probes.yaml @@ -52,7 +52,11 @@ spec: for target discovery by Prometheus. properties: authorization: - description: authorization section for this endpoint + description: |- + authorization configures the Authorization header credentials used by + the client. + + Cannot be set at the same time as `basicAuth`, `bearerTokenSecret` or `oauth2`. properties: credentials: description: credentials defines a key of a Secret in the namespace @@ -90,8 +94,10 @@ spec: type: object basicAuth: description: |- - basicAuth allow an endpoint to authenticate over basic authentication. - More info: https://prometheus.io/docs/operating/configuration/#endpoint + basicAuth defines the Basic Authentication credentials used by the + client. + + Cannot be set at the same time as `authorization`, `bearerTokenSecret` or `oauth2`. properties: password: description: |- @@ -148,9 +154,14 @@ spec: type: object bearerTokenSecret: description: |- - bearerTokenSecret defines the secret to mount to read bearer token for scraping targets. The secret - needs to be in the same namespace as the probe and accessible by - the Prometheus Operator. + bearerTokenSecret defines a key of a Secret containing the bearer token + used by the client for authentication. The secret needs to be in the + same namespace as the custom resource and readable by the Prometheus + Operator. + + Cannot be set at the same time as `authorization`, `basicAuth` or `oauth2`. + + Deprecated: use `authorization` instead. properties: key: description: The key of the secret to select from. Must be a @@ -177,6 +188,9 @@ spec: convertClassicHistogramsToNHCB defines whether to convert all scraped classic histograms into a native histogram with custom buckets. It requires Prometheus >= v3.0.0. type: boolean + enableHttp2: + description: enableHttp2 can be used to disable HTTP2. + type: boolean fallbackScrapeProtocol: description: |- fallbackScrapeProtocol defines the protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. @@ -189,6 +203,11 @@ spec: - PrometheusText0.0.4 - PrometheusText1.0.0 type: string + followRedirects: + description: |- + followRedirects defines whether the client should follow HTTP 3xx + redirects. + type: boolean interval: description: |- interval at which targets are probed using the configured prober. @@ -336,8 +355,12 @@ spec: pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true oauth2: - description: oauth2 for the URL. Only valid in Prometheus versions - 2.27.0 and newer. + description: |- + oauth2 defines the OAuth2 settings used by the client. + + It requires Prometheus >= 2.27.0. + + Cannot be set at the same time as `authorization`, `basicAuth` or `bearerTokenSecret`. properties: clientId: description: |- @@ -1107,8 +1130,7 @@ spec: type: object type: object tlsConfig: - description: tlsConfig defines the TLS configuration to use when scraping - the endpoint. + description: tlsConfig defines the TLS configuration used by the client. properties: ca: description: ca defines the Certificate authority used when verifying diff --git a/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml b/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml index a75290007..947c4d3f9 100644 --- a/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +++ b/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml @@ -53,7 +53,11 @@ spec: for target discovery by Prometheus. properties: authorization: - description: authorization section for this endpoint + description: |- + authorization configures the Authorization header credentials used by + the client. + + Cannot be set at the same time as `basicAuth`, `bearerTokenSecret` or `oauth2`. properties: credentials: description: credentials defines a key of a Secret in the namespace @@ -91,8 +95,10 @@ spec: type: object basicAuth: description: |- - basicAuth allow an endpoint to authenticate over basic authentication. - More info: https://prometheus.io/docs/operating/configuration/#endpoint + basicAuth defines the Basic Authentication credentials used by the + client. + + Cannot be set at the same time as `authorization`, `bearerTokenSecret` or `oauth2`. properties: password: description: |- @@ -149,9 +155,14 @@ spec: type: object bearerTokenSecret: description: |- - bearerTokenSecret defines the secret to mount to read bearer token for scraping targets. The secret - needs to be in the same namespace as the probe and accessible by - the Prometheus Operator. + bearerTokenSecret defines a key of a Secret containing the bearer token + used by the client for authentication. The secret needs to be in the + same namespace as the custom resource and readable by the Prometheus + Operator. + + Cannot be set at the same time as `authorization`, `basicAuth` or `oauth2`. + + Deprecated: use `authorization` instead. properties: key: description: The key of the secret to select from. Must be a @@ -178,6 +189,9 @@ spec: convertClassicHistogramsToNHCB defines whether to convert all scraped classic histograms into a native histogram with custom buckets. It requires Prometheus >= v3.0.0. type: boolean + enableHttp2: + description: enableHttp2 can be used to disable HTTP2. + type: boolean fallbackScrapeProtocol: description: |- fallbackScrapeProtocol defines the protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. @@ -190,6 +204,11 @@ spec: - PrometheusText0.0.4 - PrometheusText1.0.0 type: string + followRedirects: + description: |- + followRedirects defines whether the client should follow HTTP 3xx + redirects. + type: boolean interval: description: |- interval at which targets are probed using the configured prober. @@ -337,8 +356,12 @@ spec: pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true oauth2: - description: oauth2 for the URL. Only valid in Prometheus versions - 2.27.0 and newer. + description: |- + oauth2 defines the OAuth2 settings used by the client. + + It requires Prometheus >= 2.27.0. + + Cannot be set at the same time as `authorization`, `basicAuth` or `bearerTokenSecret`. properties: clientId: description: |- @@ -1108,8 +1131,7 @@ spec: type: object type: object tlsConfig: - description: tlsConfig defines the TLS configuration to use when scraping - the endpoint. + description: tlsConfig defines the TLS configuration used by the client. properties: ca: description: ca defines the Certificate authority used when verifying diff --git a/jsonnet/prometheus-operator/probes-crd.json b/jsonnet/prometheus-operator/probes-crd.json index d4c9c7a72..17ad030cf 100644 --- a/jsonnet/prometheus-operator/probes-crd.json +++ b/jsonnet/prometheus-operator/probes-crd.json @@ -45,7 +45,7 @@ "description": "spec defines the specification of desired Ingress selection for target discovery by Prometheus.", "properties": { "authorization": { - "description": "authorization section for this endpoint", + "description": "authorization configures the Authorization header credentials used by\nthe client.\n\nCannot be set at the same time as `basicAuth`, `bearerTokenSecret` or `oauth2`.", "properties": { "credentials": { "description": "credentials defines a key of a Secret in the namespace that contains the credentials for authentication.", @@ -78,7 +78,7 @@ "type": "object" }, "basicAuth": { - "description": "basicAuth allow an endpoint to authenticate over basic authentication.\nMore info: https://prometheus.io/docs/operating/configuration/#endpoint", + "description": "basicAuth defines the Basic Authentication credentials used by the\nclient.\n\nCannot be set at the same time as `authorization`, `bearerTokenSecret` or `oauth2`.", "properties": { "password": { "description": "password defines a key of a Secret containing the password for\nauthentication.", @@ -130,7 +130,7 @@ "type": "object" }, "bearerTokenSecret": { - "description": "bearerTokenSecret defines the secret to mount to read bearer token for scraping targets. The secret\nneeds to be in the same namespace as the probe and accessible by\nthe Prometheus Operator.", + "description": "bearerTokenSecret defines a key of a Secret containing the bearer token\nused by the client for authentication. The secret needs to be in the\nsame namespace as the custom resource and readable by the Prometheus\nOperator.\n\nCannot be set at the same time as `authorization`, `basicAuth` or `oauth2`.\n\nDeprecated: use `authorization` instead.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", @@ -156,6 +156,10 @@ "description": "convertClassicHistogramsToNHCB defines whether to convert all scraped classic histograms into a native histogram with custom buckets.\nIt requires Prometheus >= v3.0.0.", "type": "boolean" }, + "enableHttp2": { + "description": "enableHttp2 can be used to disable HTTP2.", + "type": "boolean" + }, "fallbackScrapeProtocol": { "description": "fallbackScrapeProtocol defines the protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type.\n\nIt requires Prometheus >= v3.0.0.", "enum": [ @@ -167,6 +171,10 @@ ], "type": "string" }, + "followRedirects": { + "description": "followRedirects defines whether the client should follow HTTP 3xx\nredirects.", + "type": "boolean" + }, "interval": { "description": "interval at which targets are probed using the configured prober.\nIf not specified Prometheus' global scrape interval is used.", "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", @@ -287,7 +295,7 @@ "x-kubernetes-int-or-string": true }, "oauth2": { - "description": "oauth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer.", + "description": "oauth2 defines the OAuth2 settings used by the client.\n\nIt requires Prometheus >= 2.27.0.\n\nCannot be set at the same time as `authorization`, `basicAuth` or `bearerTokenSecret`.", "properties": { "clientId": { "description": "clientId defines a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", @@ -972,7 +980,7 @@ "type": "object" }, "tlsConfig": { - "description": "tlsConfig defines the TLS configuration to use when scraping the endpoint.", + "description": "tlsConfig defines the TLS configuration used by the client.", "properties": { "ca": { "description": "ca defines the Certificate authority used when verifying server certificates.", diff --git a/pkg/alertmanager/amcfg.go b/pkg/alertmanager/amcfg.go index e81423d2d..69654180c 100644 --- a/pkg/alertmanager/amcfg.go +++ b/pkg/alertmanager/amcfg.go @@ -434,17 +434,17 @@ func (cb *ConfigBuilder) convertGlobalConfig(ctx context.Context, in *monitoring } } - if in.HTTPConfig != nil { + if in.HTTPConfigWithProxy != nil { v1alpha1Config := monitoringv1alpha1.HTTPConfig{ - Authorization: in.HTTPConfig.Authorization, - BasicAuth: in.HTTPConfig.BasicAuth, - OAuth2: in.HTTPConfig.OAuth2, + Authorization: in.HTTPConfigWithProxy.Authorization, + BasicAuth: in.HTTPConfigWithProxy.BasicAuth, + OAuth2: in.HTTPConfigWithProxy.OAuth2, //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. - BearerTokenSecret: in.HTTPConfig.BearerTokenSecret, - TLSConfig: in.HTTPConfig.TLSConfig, - ProxyConfig: in.HTTPConfig.ProxyConfig, - FollowRedirects: in.HTTPConfig.FollowRedirects, - EnableHTTP2: in.HTTPConfig.EnableHTTP2, + BearerTokenSecret: in.HTTPConfigWithProxy.BearerTokenSecret, + TLSConfig: in.HTTPConfigWithProxy.TLSConfig, + ProxyConfig: in.HTTPConfigWithProxy.ProxyConfig, + FollowRedirects: in.HTTPConfigWithProxy.FollowRedirects, + EnableHTTP2: in.HTTPConfigWithProxy.EnableHTTP2, } httpConfig, err := cb.convertHTTPConfig(ctx, &v1alpha1Config, crKey) diff --git a/pkg/alertmanager/amcfg_test.go b/pkg/alertmanager/amcfg_test.go index 48aeb7f52..80ffd9c25 100644 --- a/pkg/alertmanager/amcfg_test.go +++ b/pkg/alertmanager/amcfg_test.go @@ -146,29 +146,31 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) { }, }, ResolveTimeout: "30s", - HTTPConfig: &monitoringv1.HTTPConfig{ - OAuth2: &monitoringv1.OAuth2{ - ClientID: monitoringv1.SecretOrConfigMap{ - ConfigMap: &corev1.ConfigMapKeySelector{ + HTTPConfigWithProxy: &monitoringv1.HTTPConfigWithProxy{ + HTTPConfig: monitoringv1.HTTPConfig{ + OAuth2: &monitoringv1.OAuth2{ + ClientID: monitoringv1.SecretOrConfigMap{ + ConfigMap: &corev1.ConfigMapKeySelector{ + LocalObjectReference: corev1.LocalObjectReference{ + Name: "webhook-client-id", + }, + Key: "test", + }, + }, + ClientSecret: corev1.SecretKeySelector{ LocalObjectReference: corev1.LocalObjectReference{ - Name: "webhook-client-id", + Name: "webhook-client-secret", }, Key: "test", }, - }, - ClientSecret: corev1.SecretKeySelector{ - LocalObjectReference: corev1.LocalObjectReference{ - Name: "webhook-client-secret", + TokenURL: "https://test.com", + Scopes: []string{"any"}, + EndpointParams: map[string]string{ + "some": "value", }, - Key: "test", - }, - TokenURL: "https://test.com", - Scopes: []string{"any"}, - EndpointParams: map[string]string{ - "some": "value", }, + FollowRedirects: ptr.To(true), }, - FollowRedirects: ptr.To(true), }, }, amConfig: &monitoringv1alpha1.AlertmanagerConfig{ @@ -204,18 +206,20 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) { name: "valid global config with global HTTPConfig CA", amVersion: &version28, globalConfig: &monitoringv1.AlertmanagerGlobalConfig{ - HTTPConfig: &monitoringv1.HTTPConfig{ - TLSConfig: &monitoringv1.SafeTLSConfig{ - CA: monitoringv1.SecretOrConfigMap{ - ConfigMap: &corev1.ConfigMapKeySelector{ - LocalObjectReference: corev1.LocalObjectReference{ - Name: "proxy-ca-certificate", + HTTPConfigWithProxy: &monitoringv1.HTTPConfigWithProxy{ + HTTPConfig: monitoringv1.HTTPConfig{ + TLSConfig: &monitoringv1.SafeTLSConfig{ + CA: monitoringv1.SecretOrConfigMap{ + ConfigMap: &corev1.ConfigMapKeySelector{ + LocalObjectReference: corev1.LocalObjectReference{ + Name: "proxy-ca-certificate", + }, + Key: "certificate", }, - Key: "certificate", }, }, + FollowRedirects: ptr.To(true), }, - FollowRedirects: ptr.To(true), }, }, amConfig: &monitoringv1alpha1.AlertmanagerConfig{ @@ -622,8 +626,10 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) { { name: "globalConfig has null resolve timeout", globalConfig: &monitoringv1.AlertmanagerGlobalConfig{ - HTTPConfig: &monitoringv1.HTTPConfig{ - FollowRedirects: ptr.To(true), + HTTPConfigWithProxy: &monitoringv1.HTTPConfigWithProxy{ + HTTPConfig: monitoringv1.HTTPConfig{ + FollowRedirects: ptr.To(true), + }, }, }, amConfig: &monitoringv1alpha1.AlertmanagerConfig{ @@ -650,7 +656,10 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) { { name: "globalConfig httpconfig/proxyconfig has null secretKey for proxyConnectHeader", globalConfig: &monitoringv1.AlertmanagerGlobalConfig{ - HTTPConfig: &monitoringv1.HTTPConfig{ + HTTPConfigWithProxy: &monitoringv1.HTTPConfigWithProxy{ + HTTPConfig: monitoringv1.HTTPConfig{ + FollowRedirects: ptr.To(true), + }, ProxyConfig: monitoringv1.ProxyConfig{ ProxyURL: ptr.To("http://example.com"), NoProxy: ptr.To("svc.cluster.local"), @@ -665,7 +674,6 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) { }, }, }, - FollowRedirects: ptr.To(true), }, }, amConfig: &monitoringv1alpha1.AlertmanagerConfig{ @@ -693,7 +701,7 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) { name: "valid globalConfig httpconfig/proxyconfig/proxyConnectHeader with amVersion24", amVersion: &version24, globalConfig: &monitoringv1.AlertmanagerGlobalConfig{ - HTTPConfig: &monitoringv1.HTTPConfig{ + HTTPConfigWithProxy: &monitoringv1.HTTPConfigWithProxy{ ProxyConfig: monitoringv1.ProxyConfig{ ProxyURL: ptr.To("http://example.com"), NoProxy: ptr.To("svc.cluster.local"), @@ -708,7 +716,9 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) { }, }, }, - FollowRedirects: ptr.To(true), + HTTPConfig: monitoringv1.HTTPConfig{ + FollowRedirects: ptr.To(true), + }, }, }, amConfig: &monitoringv1alpha1.AlertmanagerConfig{ @@ -736,7 +746,7 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) { name: "valid globalConfig httpconfig/proxyconfig/proxyConnectHeader with amVersion26", amVersion: &version26, globalConfig: &monitoringv1.AlertmanagerGlobalConfig{ - HTTPConfig: &monitoringv1.HTTPConfig{ + HTTPConfigWithProxy: &monitoringv1.HTTPConfigWithProxy{ ProxyConfig: monitoringv1.ProxyConfig{ ProxyURL: ptr.To("http://example.com"), NoProxy: ptr.To("svc.cluster.local"), @@ -751,7 +761,9 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) { }, }, }, - FollowRedirects: ptr.To(true), + HTTPConfig: monitoringv1.HTTPConfig{ + FollowRedirects: ptr.To(true), + }, }, }, amConfig: &monitoringv1alpha1.AlertmanagerConfig{ @@ -907,29 +919,31 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) { }, }, ResolveTimeout: "30s", - HTTPConfig: &monitoringv1.HTTPConfig{ - OAuth2: &monitoringv1.OAuth2{ - ClientID: monitoringv1.SecretOrConfigMap{ - ConfigMap: &corev1.ConfigMapKeySelector{ + HTTPConfigWithProxy: &monitoringv1.HTTPConfigWithProxy{ + HTTPConfig: monitoringv1.HTTPConfig{ + OAuth2: &monitoringv1.OAuth2{ + ClientID: monitoringv1.SecretOrConfigMap{ + ConfigMap: &corev1.ConfigMapKeySelector{ + LocalObjectReference: corev1.LocalObjectReference{ + Name: "webhook-client-id", + }, + Key: "test", + }, + }, + ClientSecret: corev1.SecretKeySelector{ LocalObjectReference: corev1.LocalObjectReference{ - Name: "webhook-client-id", + Name: "webhook-client-secret", }, Key: "test", }, - }, - ClientSecret: corev1.SecretKeySelector{ - LocalObjectReference: corev1.LocalObjectReference{ - Name: "webhook-client-secret", + TokenURL: "https://test.com", + Scopes: []string{"any"}, + EndpointParams: map[string]string{ + "some": "value", }, - Key: "test", - }, - TokenURL: "https://test.com", - Scopes: []string{"any"}, - EndpointParams: map[string]string{ - "some": "value", }, + FollowRedirects: ptr.To(true), }, - FollowRedirects: ptr.To(true), }, }, amConfig: &monitoringv1alpha1.AlertmanagerConfig{ @@ -1805,43 +1819,45 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) { amVersion: &version28, globalConfig: &monitoringv1.AlertmanagerGlobalConfig{ ResolveTimeout: "30s", - HTTPConfig: &monitoringv1.HTTPConfig{ - OAuth2: &monitoringv1.OAuth2{ - ClientID: monitoringv1.SecretOrConfigMap{ - ConfigMap: &corev1.ConfigMapKeySelector{ + HTTPConfigWithProxy: &monitoringv1.HTTPConfigWithProxy{ + HTTPConfig: monitoringv1.HTTPConfig{ + OAuth2: &monitoringv1.OAuth2{ + ClientID: monitoringv1.SecretOrConfigMap{ + ConfigMap: &corev1.ConfigMapKeySelector{ + LocalObjectReference: corev1.LocalObjectReference{ + Name: "webhook-client-id", + }, + Key: "test", + }, + }, + ClientSecret: corev1.SecretKeySelector{ LocalObjectReference: corev1.LocalObjectReference{ - Name: "webhook-client-id", + Name: "webhook-client-secret", + }, + Key: "test", + }, + TokenURL: "https://test.com", + Scopes: []string{"any"}, + EndpointParams: map[string]string{ + "some": "value", + }, + }, + BasicAuth: &monitoringv1.BasicAuth{ + Username: corev1.SecretKeySelector{ + LocalObjectReference: corev1.LocalObjectReference{ + Name: "webhook-client-secret", + }, + Key: "test", + }, + Password: corev1.SecretKeySelector{ + LocalObjectReference: corev1.LocalObjectReference{ + Name: "webhook-client-secret", }, Key: "test", }, }, - ClientSecret: corev1.SecretKeySelector{ - LocalObjectReference: corev1.LocalObjectReference{ - Name: "webhook-client-secret", - }, - Key: "test", - }, - TokenURL: "https://test.com", - Scopes: []string{"any"}, - EndpointParams: map[string]string{ - "some": "value", - }, + FollowRedirects: ptr.To(true), }, - BasicAuth: &monitoringv1.BasicAuth{ - Username: corev1.SecretKeySelector{ - LocalObjectReference: corev1.LocalObjectReference{ - Name: "webhook-client-secret", - }, - Key: "test", - }, - Password: corev1.SecretKeySelector{ - LocalObjectReference: corev1.LocalObjectReference{ - Name: "webhook-client-secret", - }, - Key: "test", - }, - }, - FollowRedirects: ptr.To(true), }, }, amConfig: &monitoringv1alpha1.AlertmanagerConfig{ diff --git a/pkg/alertmanager/validation/v1/validation.go b/pkg/alertmanager/validation/v1/validation.go index c8e64d72f..ce75697a1 100644 --- a/pkg/alertmanager/validation/v1/validation.go +++ b/pkg/alertmanager/validation/v1/validation.go @@ -25,7 +25,7 @@ func ValidateAlertmanagerGlobalConfig(gc *monitoringv1.AlertmanagerGlobalConfig) return nil } - if err := gc.HTTPConfig.Validate(); err != nil { + if err := gc.HTTPConfigWithProxy.Validate(); err != nil { return fmt.Errorf("httpConfig: %w", err) } diff --git a/pkg/apis/monitoring/v1/alertmanager_types.go b/pkg/apis/monitoring/v1/alertmanager_types.go index 29de79728..68006d79b 100644 --- a/pkg/apis/monitoring/v1/alertmanager_types.go +++ b/pkg/apis/monitoring/v1/alertmanager_types.go @@ -452,7 +452,7 @@ type AlertmanagerGlobalConfig struct { // httpConfig defines the default HTTP configuration. // +optional - HTTPConfig *HTTPConfig `json:"httpConfig,omitempty"` + HTTPConfigWithProxy *HTTPConfigWithProxy `json:"httpConfig,omitempty"` // slackApiUrl defines the default Slack API URL. // +optional diff --git a/pkg/apis/monitoring/v1/http_config.go b/pkg/apis/monitoring/v1/http_config.go index 3d7a0b823..c76b511e6 100644 --- a/pkg/apis/monitoring/v1/http_config.go +++ b/pkg/apis/monitoring/v1/http_config.go @@ -21,6 +21,25 @@ import ( v1 "k8s.io/api/core/v1" ) +// HTTPConfigWithProxy defines the configuration for the HTTP client with proxy configuration. +type HTTPConfigWithProxy struct { + HTTPConfig `json:",inline"` + ProxyConfig `json:",inline"` +} + +// Validate semantically validates the given HTTPConfigWithProxy. +func (hc *HTTPConfigWithProxy) Validate() error { + if hc == nil { + return nil + } + + if err := hc.HTTPConfig.Validate(); err != nil { + return err + } + + return hc.ProxyConfig.Validate() +} + // HTTPConfig defines the configuration for the HTTP client. type HTTPConfig struct { // authorization configures the Authorization header credentials used by @@ -65,8 +84,6 @@ type HTTPConfig struct { // +optional TLSConfig *SafeTLSConfig `json:"tlsConfig,omitempty"` - ProxyConfig `json:",inline"` - // followRedirects defines whether the client should follow HTTP 3xx // redirects. // @@ -122,9 +139,5 @@ func (hc *HTTPConfig) Validate() error { return fmt.Errorf("tlsConfig: %w", err) } - if err := hc.ProxyConfig.Validate(); err != nil { - return err - } - return nil } diff --git a/pkg/apis/monitoring/v1/podmonitor_types.go b/pkg/apis/monitoring/v1/podmonitor_types.go index 8f439fd11..35614b7ab 100644 --- a/pkg/apis/monitoring/v1/podmonitor_types.go +++ b/pkg/apis/monitoring/v1/podmonitor_types.go @@ -331,5 +331,5 @@ type PodMetricsEndpoint struct { // +optional FilterRunning *bool `json:"filterRunning,omitempty"` - HTTPConfig `json:",inline"` + HTTPConfigWithProxy `json:",inline"` } diff --git a/pkg/apis/monitoring/v1/probe_types.go b/pkg/apis/monitoring/v1/probe_types.go index 34218f4ca..51594931d 100644 --- a/pkg/apis/monitoring/v1/probe_types.go +++ b/pkg/apis/monitoring/v1/probe_types.go @@ -17,7 +17,6 @@ package v1 import ( "errors" - v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" ) @@ -75,10 +74,12 @@ type ProbeSpec struct { // jobName assigned to scraped metrics by default. // +optional JobName string `json:"jobName,omitempty"` + // prober defines the specification for the prober to use for probing targets. // The prober.URL parameter is required. Targets cannot be probed if left empty. // +optional ProberSpec ProberSpec `json:"prober,omitempty"` + // module to use for probing specifying how to probe the target. // Example module configuring in the blackbox exporter: // https://github.com/prometheus/blackbox_exporter/blob/master/example.yml @@ -96,21 +97,7 @@ type ProbeSpec struct { // The value cannot be greater than the scrape interval otherwise the operator will reject the resource. // +optional ScrapeTimeout Duration `json:"scrapeTimeout,omitempty"` - // tlsConfig defines the TLS configuration to use when scraping the endpoint. - // +optional - TLSConfig *SafeTLSConfig `json:"tlsConfig,omitempty"` - // bearerTokenSecret defines the secret to mount to read bearer token for scraping targets. The secret - // needs to be in the same namespace as the probe and accessible by - // the Prometheus Operator. - // +optional - BearerTokenSecret v1.SecretKeySelector `json:"bearerTokenSecret,omitempty"` - // basicAuth allow an endpoint to authenticate over basic authentication. - // More info: https://prometheus.io/docs/operating/configuration/#endpoint - // +optional - BasicAuth *BasicAuth `json:"basicAuth,omitempty"` - // oauth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer. - // +optional - OAuth2 *OAuth2 `json:"oauth2,omitempty"` + // metricRelabelings defines the RelabelConfig to apply to samples before ingestion. // +optional MetricRelabelConfigs []RelabelConfig `json:"metricRelabelings,omitempty"` @@ -133,19 +120,23 @@ type ProbeSpec struct { // +listType=set // +optional ScrapeProtocols []ScrapeProtocol `json:"scrapeProtocols,omitempty"` + // fallbackScrapeProtocol defines the protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. // // It requires Prometheus >= v3.0.0. // +optional FallbackScrapeProtocol *ScrapeProtocol `json:"fallbackScrapeProtocol,omitempty"` + // labelLimit defines the per-scrape limit on number of labels that will be accepted for a sample. // Only valid in Prometheus versions 2.27.0 and newer. // +optional LabelLimit *uint64 `json:"labelLimit,omitempty"` + // labelNameLengthLimit defines the per-scrape limit on length of labels name that will be accepted for a sample. // Only valid in Prometheus versions 2.27.0 and newer. // +optional LabelNameLengthLimit *uint64 `json:"labelNameLengthLimit,omitempty"` + // labelValueLengthLimit defines the per-scrape limit on length of labels value that will be accepted for a sample. // Only valid in Prometheus versions 2.27.0 and newer. // +optional @@ -153,6 +144,7 @@ type ProbeSpec struct { // +optional NativeHistogramConfig `json:",inline"` + // keepDroppedTargets defines the per-scrape limit on the number of targets dropped by relabeling // that will be kept in memory. 0 means no limit. // @@ -174,6 +166,8 @@ type ProbeSpec struct { // +listType=map // +listMapKey=name Params []ProbeParam `json:"params,omitempty"` + + HTTPConfig `json:",inline"` } // ProbeParam defines specification of extra parameters for a Probe. diff --git a/pkg/apis/monitoring/v1/probe_types_test.go b/pkg/apis/monitoring/v1/probe_types_test.go index 46351373f..85d777a77 100644 --- a/pkg/apis/monitoring/v1/probe_types_test.go +++ b/pkg/apis/monitoring/v1/probe_types_test.go @@ -89,7 +89,7 @@ func TestMarshallProbe(t *testing.T) { }, }, } - expected := `{"metadata":{"name":"test","namespace":"default","labels":{"group":"group1"}},"spec":{"prober":{"url":""},"targets":{"staticConfig":{"static":["prometheus.io"],"labels":{"env":"prometheus"}}},"bearerTokenSecret":{"key":""}}}` + expected := `{"metadata":{"name":"test","namespace":"default","labels":{"group":"group1"}},"spec":{"prober":{"url":""},"targets":{"staticConfig":{"static":["prometheus.io"],"labels":{"env":"prometheus"}}}}}` r, err := json.Marshal(sm) if err != nil { @@ -97,6 +97,6 @@ func TestMarshallProbe(t *testing.T) { } rs := string(r) if rs != expected { - t.Fatalf("Got %s expected: %s ", rs, expected) + t.Fatalf("Got %s\nExpected: %s ", rs, expected) } } diff --git a/pkg/apis/monitoring/v1/zz_generated.deepcopy.go b/pkg/apis/monitoring/v1/zz_generated.deepcopy.go index 03b17df8b..ac80f7c0a 100644 --- a/pkg/apis/monitoring/v1/zz_generated.deepcopy.go +++ b/pkg/apis/monitoring/v1/zz_generated.deepcopy.go @@ -228,9 +228,9 @@ func (in *AlertmanagerGlobalConfig) DeepCopyInto(out *AlertmanagerGlobalConfig) *out = new(GlobalSMTPConfig) (*in).DeepCopyInto(*out) } - if in.HTTPConfig != nil { - in, out := &in.HTTPConfig, &out.HTTPConfig - *out = new(HTTPConfig) + if in.HTTPConfigWithProxy != nil { + in, out := &in.HTTPConfigWithProxy, &out.HTTPConfigWithProxy + *out = new(HTTPConfigWithProxy) (*in).DeepCopyInto(*out) } if in.SlackAPIURL != nil { @@ -1696,7 +1696,6 @@ func (in *HTTPConfig) DeepCopyInto(out *HTTPConfig) { *out = new(SafeTLSConfig) (*in).DeepCopyInto(*out) } - in.ProxyConfig.DeepCopyInto(&out.ProxyConfig) if in.FollowRedirects != nil { in, out := &in.FollowRedirects, &out.FollowRedirects *out = new(bool) @@ -1719,6 +1718,23 @@ func (in *HTTPConfig) DeepCopy() *HTTPConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HTTPConfigWithProxy) DeepCopyInto(out *HTTPConfigWithProxy) { + *out = *in + in.HTTPConfig.DeepCopyInto(&out.HTTPConfig) + in.ProxyConfig.DeepCopyInto(&out.ProxyConfig) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPConfigWithProxy. +func (in *HTTPConfigWithProxy) DeepCopy() *HTTPConfigWithProxy { + if in == nil { + return nil + } + out := new(HTTPConfigWithProxy) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *HostAlias) DeepCopyInto(out *HostAlias) { *out = *in @@ -2069,7 +2085,7 @@ func (in *PodMetricsEndpoint) DeepCopyInto(out *PodMetricsEndpoint) { *out = new(bool) **out = **in } - in.HTTPConfig.DeepCopyInto(&out.HTTPConfig) + in.HTTPConfigWithProxy.DeepCopyInto(&out.HTTPConfigWithProxy) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodMetricsEndpoint. @@ -2283,22 +2299,6 @@ func (in *ProbeSpec) DeepCopyInto(out *ProbeSpec) { *out = *in in.ProberSpec.DeepCopyInto(&out.ProberSpec) in.Targets.DeepCopyInto(&out.Targets) - if in.TLSConfig != nil { - in, out := &in.TLSConfig, &out.TLSConfig - *out = new(SafeTLSConfig) - (*in).DeepCopyInto(*out) - } - in.BearerTokenSecret.DeepCopyInto(&out.BearerTokenSecret) - if in.BasicAuth != nil { - in, out := &in.BasicAuth, &out.BasicAuth - *out = new(BasicAuth) - (*in).DeepCopyInto(*out) - } - if in.OAuth2 != nil { - in, out := &in.OAuth2, &out.OAuth2 - *out = new(OAuth2) - (*in).DeepCopyInto(*out) - } if in.MetricRelabelConfigs != nil { in, out := &in.MetricRelabelConfigs, &out.MetricRelabelConfigs *out = make([]RelabelConfig, len(*in)) @@ -2364,6 +2364,7 @@ func (in *ProbeSpec) DeepCopyInto(out *ProbeSpec) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + in.HTTPConfig.DeepCopyInto(&out.HTTPConfig) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProbeSpec. diff --git a/pkg/client/applyconfiguration/monitoring/v1/alertmanagerglobalconfig.go b/pkg/client/applyconfiguration/monitoring/v1/alertmanagerglobalconfig.go index a9cd77c60..47a3582cf 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/alertmanagerglobalconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1/alertmanagerglobalconfig.go @@ -24,19 +24,19 @@ import ( // AlertmanagerGlobalConfigApplyConfiguration represents a declarative configuration of the AlertmanagerGlobalConfig type for use // with apply. type AlertmanagerGlobalConfigApplyConfiguration struct { - SMTPConfig *GlobalSMTPConfigApplyConfiguration `json:"smtp,omitempty"` - ResolveTimeout *monitoringv1.Duration `json:"resolveTimeout,omitempty"` - HTTPConfig *HTTPConfigApplyConfiguration `json:"httpConfig,omitempty"` - SlackAPIURL *corev1.SecretKeySelector `json:"slackApiUrl,omitempty"` - OpsGenieAPIURL *corev1.SecretKeySelector `json:"opsGenieApiUrl,omitempty"` - OpsGenieAPIKey *corev1.SecretKeySelector `json:"opsGenieApiKey,omitempty"` - PagerdutyURL *monitoringv1.URL `json:"pagerdutyUrl,omitempty"` - TelegramConfig *GlobalTelegramConfigApplyConfiguration `json:"telegram,omitempty"` - JiraConfig *GlobalJiraConfigApplyConfiguration `json:"jira,omitempty"` - VictorOpsConfig *GlobalVictorOpsConfigApplyConfiguration `json:"victorops,omitempty"` - RocketChatConfig *GlobalRocketChatConfigApplyConfiguration `json:"rocketChat,omitempty"` - WebexConfig *GlobalWebexConfigApplyConfiguration `json:"webex,omitempty"` - WeChatConfig *GlobalWeChatConfigApplyConfiguration `json:"wechat,omitempty"` + SMTPConfig *GlobalSMTPConfigApplyConfiguration `json:"smtp,omitempty"` + ResolveTimeout *monitoringv1.Duration `json:"resolveTimeout,omitempty"` + HTTPConfigWithProxy *HTTPConfigWithProxyApplyConfiguration `json:"httpConfig,omitempty"` + SlackAPIURL *corev1.SecretKeySelector `json:"slackApiUrl,omitempty"` + OpsGenieAPIURL *corev1.SecretKeySelector `json:"opsGenieApiUrl,omitempty"` + OpsGenieAPIKey *corev1.SecretKeySelector `json:"opsGenieApiKey,omitempty"` + PagerdutyURL *monitoringv1.URL `json:"pagerdutyUrl,omitempty"` + TelegramConfig *GlobalTelegramConfigApplyConfiguration `json:"telegram,omitempty"` + JiraConfig *GlobalJiraConfigApplyConfiguration `json:"jira,omitempty"` + VictorOpsConfig *GlobalVictorOpsConfigApplyConfiguration `json:"victorops,omitempty"` + RocketChatConfig *GlobalRocketChatConfigApplyConfiguration `json:"rocketChat,omitempty"` + WebexConfig *GlobalWebexConfigApplyConfiguration `json:"webex,omitempty"` + WeChatConfig *GlobalWeChatConfigApplyConfiguration `json:"wechat,omitempty"` } // AlertmanagerGlobalConfigApplyConfiguration constructs a declarative configuration of the AlertmanagerGlobalConfig type for use with @@ -61,11 +61,11 @@ func (b *AlertmanagerGlobalConfigApplyConfiguration) WithResolveTimeout(value mo return b } -// WithHTTPConfig sets the HTTPConfig field in the declarative configuration to the given value +// WithHTTPConfigWithProxy sets the HTTPConfigWithProxy field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the HTTPConfig field is set to the value of the last call. -func (b *AlertmanagerGlobalConfigApplyConfiguration) WithHTTPConfig(value *HTTPConfigApplyConfiguration) *AlertmanagerGlobalConfigApplyConfiguration { - b.HTTPConfig = value +// If called multiple times, the HTTPConfigWithProxy field is set to the value of the last call. +func (b *AlertmanagerGlobalConfigApplyConfiguration) WithHTTPConfigWithProxy(value *HTTPConfigWithProxyApplyConfiguration) *AlertmanagerGlobalConfigApplyConfiguration { + b.HTTPConfigWithProxy = value return b } diff --git a/pkg/client/applyconfiguration/monitoring/v1/httpconfig.go b/pkg/client/applyconfiguration/monitoring/v1/httpconfig.go index 3e724da1b..784cef4b1 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/httpconfig.go +++ b/pkg/client/applyconfiguration/monitoring/v1/httpconfig.go @@ -23,14 +23,13 @@ import ( // HTTPConfigApplyConfiguration represents a declarative configuration of the HTTPConfig type for use // with apply. type HTTPConfigApplyConfiguration struct { - Authorization *SafeAuthorizationApplyConfiguration `json:"authorization,omitempty"` - BasicAuth *BasicAuthApplyConfiguration `json:"basicAuth,omitempty"` - OAuth2 *OAuth2ApplyConfiguration `json:"oauth2,omitempty"` - BearerTokenSecret *corev1.SecretKeySelector `json:"bearerTokenSecret,omitempty"` - TLSConfig *SafeTLSConfigApplyConfiguration `json:"tlsConfig,omitempty"` - ProxyConfigApplyConfiguration `json:",inline"` - FollowRedirects *bool `json:"followRedirects,omitempty"` - EnableHTTP2 *bool `json:"enableHttp2,omitempty"` + Authorization *SafeAuthorizationApplyConfiguration `json:"authorization,omitempty"` + BasicAuth *BasicAuthApplyConfiguration `json:"basicAuth,omitempty"` + OAuth2 *OAuth2ApplyConfiguration `json:"oauth2,omitempty"` + BearerTokenSecret *corev1.SecretKeySelector `json:"bearerTokenSecret,omitempty"` + TLSConfig *SafeTLSConfigApplyConfiguration `json:"tlsConfig,omitempty"` + FollowRedirects *bool `json:"followRedirects,omitempty"` + EnableHTTP2 *bool `json:"enableHttp2,omitempty"` } // HTTPConfigApplyConfiguration constructs a declarative configuration of the HTTPConfig type for use with @@ -79,44 +78,6 @@ func (b *HTTPConfigApplyConfiguration) WithTLSConfig(value *SafeTLSConfigApplyCo return b } -// WithProxyURL sets the ProxyURL field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the ProxyURL field is set to the value of the last call. -func (b *HTTPConfigApplyConfiguration) WithProxyURL(value string) *HTTPConfigApplyConfiguration { - b.ProxyConfigApplyConfiguration.ProxyURL = &value - return b -} - -// WithNoProxy sets the NoProxy field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the NoProxy field is set to the value of the last call. -func (b *HTTPConfigApplyConfiguration) WithNoProxy(value string) *HTTPConfigApplyConfiguration { - b.ProxyConfigApplyConfiguration.NoProxy = &value - return b -} - -// WithProxyFromEnvironment sets the ProxyFromEnvironment field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the ProxyFromEnvironment field is set to the value of the last call. -func (b *HTTPConfigApplyConfiguration) WithProxyFromEnvironment(value bool) *HTTPConfigApplyConfiguration { - b.ProxyConfigApplyConfiguration.ProxyFromEnvironment = &value - return b -} - -// WithProxyConnectHeader puts the entries into the ProxyConnectHeader field in the declarative configuration -// and returns the receiver, so that objects can be build by chaining "With" function invocations. -// If called multiple times, the entries provided by each call will be put on the ProxyConnectHeader field, -// overwriting an existing map entries in ProxyConnectHeader field with the same key. -func (b *HTTPConfigApplyConfiguration) WithProxyConnectHeader(entries map[string][]corev1.SecretKeySelector) *HTTPConfigApplyConfiguration { - if b.ProxyConfigApplyConfiguration.ProxyConnectHeader == nil && len(entries) > 0 { - b.ProxyConfigApplyConfiguration.ProxyConnectHeader = make(map[string][]corev1.SecretKeySelector, len(entries)) - } - for k, v := range entries { - b.ProxyConfigApplyConfiguration.ProxyConnectHeader[k] = v - } - return b -} - // WithFollowRedirects sets the FollowRedirects field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the FollowRedirects field is set to the value of the last call. diff --git a/pkg/client/applyconfiguration/monitoring/v1/httpconfigwithproxy.go b/pkg/client/applyconfiguration/monitoring/v1/httpconfigwithproxy.go new file mode 100644 index 000000000..51949757a --- /dev/null +++ b/pkg/client/applyconfiguration/monitoring/v1/httpconfigwithproxy.go @@ -0,0 +1,128 @@ +// Copyright The prometheus-operator Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + corev1 "k8s.io/api/core/v1" +) + +// HTTPConfigWithProxyApplyConfiguration represents a declarative configuration of the HTTPConfigWithProxy type for use +// with apply. +type HTTPConfigWithProxyApplyConfiguration struct { + HTTPConfigApplyConfiguration `json:",inline"` + ProxyConfigApplyConfiguration `json:",inline"` +} + +// HTTPConfigWithProxyApplyConfiguration constructs a declarative configuration of the HTTPConfigWithProxy type for use with +// apply. +func HTTPConfigWithProxy() *HTTPConfigWithProxyApplyConfiguration { + return &HTTPConfigWithProxyApplyConfiguration{} +} + +// WithAuthorization sets the Authorization field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Authorization field is set to the value of the last call. +func (b *HTTPConfigWithProxyApplyConfiguration) WithAuthorization(value *SafeAuthorizationApplyConfiguration) *HTTPConfigWithProxyApplyConfiguration { + b.HTTPConfigApplyConfiguration.Authorization = value + return b +} + +// WithBasicAuth sets the BasicAuth field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the BasicAuth field is set to the value of the last call. +func (b *HTTPConfigWithProxyApplyConfiguration) WithBasicAuth(value *BasicAuthApplyConfiguration) *HTTPConfigWithProxyApplyConfiguration { + b.HTTPConfigApplyConfiguration.BasicAuth = value + return b +} + +// WithOAuth2 sets the OAuth2 field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the OAuth2 field is set to the value of the last call. +func (b *HTTPConfigWithProxyApplyConfiguration) WithOAuth2(value *OAuth2ApplyConfiguration) *HTTPConfigWithProxyApplyConfiguration { + b.HTTPConfigApplyConfiguration.OAuth2 = value + return b +} + +// WithBearerTokenSecret sets the BearerTokenSecret field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the BearerTokenSecret field is set to the value of the last call. +func (b *HTTPConfigWithProxyApplyConfiguration) WithBearerTokenSecret(value corev1.SecretKeySelector) *HTTPConfigWithProxyApplyConfiguration { + b.HTTPConfigApplyConfiguration.BearerTokenSecret = &value + return b +} + +// WithTLSConfig sets the TLSConfig field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the TLSConfig field is set to the value of the last call. +func (b *HTTPConfigWithProxyApplyConfiguration) WithTLSConfig(value *SafeTLSConfigApplyConfiguration) *HTTPConfigWithProxyApplyConfiguration { + b.HTTPConfigApplyConfiguration.TLSConfig = value + return b +} + +// WithFollowRedirects sets the FollowRedirects field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the FollowRedirects field is set to the value of the last call. +func (b *HTTPConfigWithProxyApplyConfiguration) WithFollowRedirects(value bool) *HTTPConfigWithProxyApplyConfiguration { + b.HTTPConfigApplyConfiguration.FollowRedirects = &value + return b +} + +// WithEnableHTTP2 sets the EnableHTTP2 field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the EnableHTTP2 field is set to the value of the last call. +func (b *HTTPConfigWithProxyApplyConfiguration) WithEnableHTTP2(value bool) *HTTPConfigWithProxyApplyConfiguration { + b.HTTPConfigApplyConfiguration.EnableHTTP2 = &value + return b +} + +// WithProxyURL sets the ProxyURL field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ProxyURL field is set to the value of the last call. +func (b *HTTPConfigWithProxyApplyConfiguration) WithProxyURL(value string) *HTTPConfigWithProxyApplyConfiguration { + b.ProxyConfigApplyConfiguration.ProxyURL = &value + return b +} + +// WithNoProxy sets the NoProxy field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the NoProxy field is set to the value of the last call. +func (b *HTTPConfigWithProxyApplyConfiguration) WithNoProxy(value string) *HTTPConfigWithProxyApplyConfiguration { + b.ProxyConfigApplyConfiguration.NoProxy = &value + return b +} + +// WithProxyFromEnvironment sets the ProxyFromEnvironment field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ProxyFromEnvironment field is set to the value of the last call. +func (b *HTTPConfigWithProxyApplyConfiguration) WithProxyFromEnvironment(value bool) *HTTPConfigWithProxyApplyConfiguration { + b.ProxyConfigApplyConfiguration.ProxyFromEnvironment = &value + return b +} + +// WithProxyConnectHeader puts the entries into the ProxyConnectHeader field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the ProxyConnectHeader field, +// overwriting an existing map entries in ProxyConnectHeader field with the same key. +func (b *HTTPConfigWithProxyApplyConfiguration) WithProxyConnectHeader(entries map[string][]corev1.SecretKeySelector) *HTTPConfigWithProxyApplyConfiguration { + if b.ProxyConfigApplyConfiguration.ProxyConnectHeader == nil && len(entries) > 0 { + b.ProxyConfigApplyConfiguration.ProxyConnectHeader = make(map[string][]corev1.SecretKeySelector, len(entries)) + } + for k, v := range entries { + b.ProxyConfigApplyConfiguration.ProxyConnectHeader[k] = v + } + return b +} diff --git a/pkg/client/applyconfiguration/monitoring/v1/podmetricsendpoint.go b/pkg/client/applyconfiguration/monitoring/v1/podmetricsendpoint.go index 263727a38..bdf40222e 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/podmetricsendpoint.go +++ b/pkg/client/applyconfiguration/monitoring/v1/podmetricsendpoint.go @@ -25,21 +25,21 @@ import ( // PodMetricsEndpointApplyConfiguration represents a declarative configuration of the PodMetricsEndpoint type for use // with apply. type PodMetricsEndpointApplyConfiguration struct { - Port *string `json:"port,omitempty"` - PortNumber *int32 `json:"portNumber,omitempty"` - TargetPort *intstr.IntOrString `json:"targetPort,omitempty"` - Path *string `json:"path,omitempty"` - Scheme *monitoringv1.Scheme `json:"scheme,omitempty"` - Params map[string][]string `json:"params,omitempty"` - Interval *monitoringv1.Duration `json:"interval,omitempty"` - ScrapeTimeout *monitoringv1.Duration `json:"scrapeTimeout,omitempty"` - HonorLabels *bool `json:"honorLabels,omitempty"` - HonorTimestamps *bool `json:"honorTimestamps,omitempty"` - TrackTimestampsStaleness *bool `json:"trackTimestampsStaleness,omitempty"` - MetricRelabelConfigs []RelabelConfigApplyConfiguration `json:"metricRelabelings,omitempty"` - RelabelConfigs []RelabelConfigApplyConfiguration `json:"relabelings,omitempty"` - FilterRunning *bool `json:"filterRunning,omitempty"` - HTTPConfigApplyConfiguration `json:",inline"` + Port *string `json:"port,omitempty"` + PortNumber *int32 `json:"portNumber,omitempty"` + TargetPort *intstr.IntOrString `json:"targetPort,omitempty"` + Path *string `json:"path,omitempty"` + Scheme *monitoringv1.Scheme `json:"scheme,omitempty"` + Params map[string][]string `json:"params,omitempty"` + Interval *monitoringv1.Duration `json:"interval,omitempty"` + ScrapeTimeout *monitoringv1.Duration `json:"scrapeTimeout,omitempty"` + HonorLabels *bool `json:"honorLabels,omitempty"` + HonorTimestamps *bool `json:"honorTimestamps,omitempty"` + TrackTimestampsStaleness *bool `json:"trackTimestampsStaleness,omitempty"` + MetricRelabelConfigs []RelabelConfigApplyConfiguration `json:"metricRelabelings,omitempty"` + RelabelConfigs []RelabelConfigApplyConfiguration `json:"relabelings,omitempty"` + FilterRunning *bool `json:"filterRunning,omitempty"` + HTTPConfigWithProxyApplyConfiguration `json:",inline"` } // PodMetricsEndpointApplyConfiguration constructs a declarative configuration of the PodMetricsEndpoint type for use with @@ -216,6 +216,22 @@ func (b *PodMetricsEndpointApplyConfiguration) WithTLSConfig(value *SafeTLSConfi return b } +// WithFollowRedirects sets the FollowRedirects field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the FollowRedirects field is set to the value of the last call. +func (b *PodMetricsEndpointApplyConfiguration) WithFollowRedirects(value bool) *PodMetricsEndpointApplyConfiguration { + b.HTTPConfigApplyConfiguration.FollowRedirects = &value + return b +} + +// WithEnableHTTP2 sets the EnableHTTP2 field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the EnableHTTP2 field is set to the value of the last call. +func (b *PodMetricsEndpointApplyConfiguration) WithEnableHTTP2(value bool) *PodMetricsEndpointApplyConfiguration { + b.HTTPConfigApplyConfiguration.EnableHTTP2 = &value + return b +} + // WithProxyURL sets the ProxyURL field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the ProxyURL field is set to the value of the last call. @@ -253,19 +269,3 @@ func (b *PodMetricsEndpointApplyConfiguration) WithProxyConnectHeader(entries ma } return b } - -// WithFollowRedirects sets the FollowRedirects field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the FollowRedirects field is set to the value of the last call. -func (b *PodMetricsEndpointApplyConfiguration) WithFollowRedirects(value bool) *PodMetricsEndpointApplyConfiguration { - b.HTTPConfigApplyConfiguration.FollowRedirects = &value - return b -} - -// WithEnableHTTP2 sets the EnableHTTP2 field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the EnableHTTP2 field is set to the value of the last call. -func (b *PodMetricsEndpointApplyConfiguration) WithEnableHTTP2(value bool) *PodMetricsEndpointApplyConfiguration { - b.HTTPConfigApplyConfiguration.EnableHTTP2 = &value - return b -} diff --git a/pkg/client/applyconfiguration/monitoring/v1/probespec.go b/pkg/client/applyconfiguration/monitoring/v1/probespec.go index 68fc056d2..c148342bb 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/probespec.go +++ b/pkg/client/applyconfiguration/monitoring/v1/probespec.go @@ -31,10 +31,6 @@ type ProbeSpecApplyConfiguration struct { Targets *ProbeTargetsApplyConfiguration `json:"targets,omitempty"` Interval *monitoringv1.Duration `json:"interval,omitempty"` ScrapeTimeout *monitoringv1.Duration `json:"scrapeTimeout,omitempty"` - TLSConfig *SafeTLSConfigApplyConfiguration `json:"tlsConfig,omitempty"` - BearerTokenSecret *corev1.SecretKeySelector `json:"bearerTokenSecret,omitempty"` - BasicAuth *BasicAuthApplyConfiguration `json:"basicAuth,omitempty"` - OAuth2 *OAuth2ApplyConfiguration `json:"oauth2,omitempty"` MetricRelabelConfigs []RelabelConfigApplyConfiguration `json:"metricRelabelings,omitempty"` Authorization *SafeAuthorizationApplyConfiguration `json:"authorization,omitempty"` SampleLimit *uint64 `json:"sampleLimit,omitempty"` @@ -48,6 +44,7 @@ type ProbeSpecApplyConfiguration struct { KeepDroppedTargets *uint64 `json:"keepDroppedTargets,omitempty"` ScrapeClassName *string `json:"scrapeClass,omitempty"` Params []ProbeParamApplyConfiguration `json:"params,omitempty"` + HTTPConfigApplyConfiguration `json:",inline"` } // ProbeSpecApplyConfiguration constructs a declarative configuration of the ProbeSpec type for use with @@ -104,38 +101,6 @@ func (b *ProbeSpecApplyConfiguration) WithScrapeTimeout(value monitoringv1.Durat return b } -// WithTLSConfig sets the TLSConfig field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the TLSConfig field is set to the value of the last call. -func (b *ProbeSpecApplyConfiguration) WithTLSConfig(value *SafeTLSConfigApplyConfiguration) *ProbeSpecApplyConfiguration { - b.TLSConfig = value - return b -} - -// WithBearerTokenSecret sets the BearerTokenSecret field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the BearerTokenSecret field is set to the value of the last call. -func (b *ProbeSpecApplyConfiguration) WithBearerTokenSecret(value corev1.SecretKeySelector) *ProbeSpecApplyConfiguration { - b.BearerTokenSecret = &value - return b -} - -// WithBasicAuth sets the BasicAuth field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the BasicAuth field is set to the value of the last call. -func (b *ProbeSpecApplyConfiguration) WithBasicAuth(value *BasicAuthApplyConfiguration) *ProbeSpecApplyConfiguration { - b.BasicAuth = value - return b -} - -// WithOAuth2 sets the OAuth2 field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the OAuth2 field is set to the value of the last call. -func (b *ProbeSpecApplyConfiguration) WithOAuth2(value *OAuth2ApplyConfiguration) *ProbeSpecApplyConfiguration { - b.OAuth2 = value - return b -} - // WithMetricRelabelConfigs adds the given value to the MetricRelabelConfigs field in the declarative configuration // and returns the receiver, so that objects can be build by chaining "With" function invocations. // If called multiple times, values provided by each call will be appended to the MetricRelabelConfigs field. @@ -275,3 +240,51 @@ func (b *ProbeSpecApplyConfiguration) WithParams(values ...*ProbeParamApplyConfi } return b } + +// WithBasicAuth sets the BasicAuth field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the BasicAuth field is set to the value of the last call. +func (b *ProbeSpecApplyConfiguration) WithBasicAuth(value *BasicAuthApplyConfiguration) *ProbeSpecApplyConfiguration { + b.HTTPConfigApplyConfiguration.BasicAuth = value + return b +} + +// WithOAuth2 sets the OAuth2 field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the OAuth2 field is set to the value of the last call. +func (b *ProbeSpecApplyConfiguration) WithOAuth2(value *OAuth2ApplyConfiguration) *ProbeSpecApplyConfiguration { + b.HTTPConfigApplyConfiguration.OAuth2 = value + return b +} + +// WithBearerTokenSecret sets the BearerTokenSecret field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the BearerTokenSecret field is set to the value of the last call. +func (b *ProbeSpecApplyConfiguration) WithBearerTokenSecret(value corev1.SecretKeySelector) *ProbeSpecApplyConfiguration { + b.HTTPConfigApplyConfiguration.BearerTokenSecret = &value + return b +} + +// WithTLSConfig sets the TLSConfig field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the TLSConfig field is set to the value of the last call. +func (b *ProbeSpecApplyConfiguration) WithTLSConfig(value *SafeTLSConfigApplyConfiguration) *ProbeSpecApplyConfiguration { + b.HTTPConfigApplyConfiguration.TLSConfig = value + return b +} + +// WithFollowRedirects sets the FollowRedirects field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the FollowRedirects field is set to the value of the last call. +func (b *ProbeSpecApplyConfiguration) WithFollowRedirects(value bool) *ProbeSpecApplyConfiguration { + b.HTTPConfigApplyConfiguration.FollowRedirects = &value + return b +} + +// WithEnableHTTP2 sets the EnableHTTP2 field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the EnableHTTP2 field is set to the value of the last call. +func (b *ProbeSpecApplyConfiguration) WithEnableHTTP2(value bool) *ProbeSpecApplyConfiguration { + b.HTTPConfigApplyConfiguration.EnableHTTP2 = &value + return b +} diff --git a/pkg/client/applyconfiguration/utils.go b/pkg/client/applyconfiguration/utils.go index f0002d797..e2d3d5b06 100644 --- a/pkg/client/applyconfiguration/utils.go +++ b/pkg/client/applyconfiguration/utils.go @@ -112,6 +112,8 @@ func ForKind(kind schema.GroupVersionKind) interface{} { return &monitoringv1.HostPortApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("HTTPConfig"): return &monitoringv1.HTTPConfigApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("HTTPConfigWithProxy"): + return &monitoringv1.HTTPConfigWithProxyApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("ManagedIdentity"): return &monitoringv1.ManagedIdentityApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("MetadataConfig"): diff --git a/pkg/prometheus/promcfg.go b/pkg/prometheus/promcfg.go index 7fb293f1a..d2f21d094 100644 --- a/pkg/prometheus/promcfg.go +++ b/pkg/prometheus/promcfg.go @@ -1804,8 +1804,8 @@ func (cg *ConfigGenerator) generateProbeConfig( cfg = cg.addTLStoYaml(cfg, s, mergeSafeTLSConfigWithScrapeClass(m.Spec.TLSConfig, scrapeClass)) - if m.Spec.BearerTokenSecret.Name != "" { - b, err := s.GetSecretKey(m.Spec.BearerTokenSecret) + if m.Spec.BearerTokenSecret != nil { //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. + b, err := s.GetSecretKey(*m.Spec.BearerTokenSecret) //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. if err != nil { cg.logger.Error("invalid bearer token reference", "err", err) } else { diff --git a/pkg/prometheus/promcfg_test.go b/pkg/prometheus/promcfg_test.go index 53989b8c6..5ce782881 100644 --- a/pkg/prometheus/promcfg_test.go +++ b/pkg/prometheus/promcfg_test.go @@ -2715,8 +2715,10 @@ func TestEndpointOAuth2(t *testing.T) { Spec: monitoringv1.PodMonitorSpec{ PodMetricsEndpoints: []monitoringv1.PodMetricsEndpoint{ { - Port: ptr.To("web"), - HTTPConfig: monitoringv1.HTTPConfig{OAuth2: &oauth2}, + Port: ptr.To("web"), + HTTPConfigWithProxy: monitoringv1.HTTPConfigWithProxy{ + HTTPConfig: monitoringv1.HTTPConfig{OAuth2: &oauth2}, + }, }, }, }, @@ -2736,7 +2738,9 @@ func TestEndpointOAuth2(t *testing.T) { }, }, Spec: monitoringv1.ProbeSpec{ - OAuth2: &oauth2, + HTTPConfig: monitoringv1.HTTPConfig{ + OAuth2: &oauth2, + }, Targets: monitoringv1.ProbeTargets{ StaticConfig: &monitoringv1.ProbeTargetStaticConfig{ Targets: []string{"127.0.0.1"}, @@ -5344,9 +5348,11 @@ func TestPodMonitorEndpointFollowRedirects(t *testing.T) { Spec: monitoringv1.PodMonitorSpec{ PodMetricsEndpoints: []monitoringv1.PodMetricsEndpoint{ { - Port: ptr.To("web"), - Interval: "30s", - HTTPConfig: monitoringv1.HTTPConfig{FollowRedirects: ptr.To(tc.followRedirects)}, + Port: ptr.To("web"), + Interval: "30s", + HTTPConfigWithProxy: monitoringv1.HTTPConfigWithProxy{ + HTTPConfig: monitoringv1.HTTPConfig{FollowRedirects: ptr.To(tc.followRedirects)}, + }, }, }, }, @@ -5525,9 +5531,11 @@ func TestPodMonitorEndpointEnableHttp2(t *testing.T) { Spec: monitoringv1.PodMonitorSpec{ PodMetricsEndpoints: []monitoringv1.PodMetricsEndpoint{ { - Port: ptr.To("web"), - Interval: "30s", - HTTPConfig: monitoringv1.HTTPConfig{EnableHTTP2: ptr.To(tc.enableHTTP2)}, + Port: ptr.To("web"), + Interval: "30s", + HTTPConfigWithProxy: monitoringv1.HTTPConfigWithProxy{ + HTTPConfig: monitoringv1.HTTPConfig{EnableHTTP2: ptr.To(tc.enableHTTP2)}, + }, }, }, }, diff --git a/pkg/prometheus/resource_selector.go b/pkg/prometheus/resource_selector.go index db71881fd..ab8336307 100644 --- a/pkg/prometheus/resource_selector.go +++ b/pkg/prometheus/resource_selector.go @@ -468,7 +468,7 @@ func (rs *ResourceSelector) checkPodMonitor(ctx context.Context, pm *monitoringv return fmt.Errorf("%w: metricRelabelConfigs: %w", epErr, err) } - if err := rs.addHTTPConfigToStore(ctx, endpoint.HTTPConfig, pm.GetNamespace()); err != nil { + if err := rs.addHTTPConfigToStore(ctx, endpoint.HTTPConfigWithProxy, pm.GetNamespace()); err != nil { return fmt.Errorf("%w: %w", epErr, err) } } @@ -482,7 +482,7 @@ func (rs *ResourceSelector) checkPodMonitor(ctx context.Context, pm *monitoringv func (rs *ResourceSelector) addHTTPConfigToStore( ctx context.Context, - httpConfig monitoringv1.HTTPConfig, + httpConfig monitoringv1.HTTPConfigWithProxy, namespace string) error { if err := httpConfig.Validate(); err != nil { return err @@ -546,8 +546,8 @@ func (rs *ResourceSelector) checkProbe(ctx context.Context, probe *monitoringv1. return err } - if probe.Spec.BearerTokenSecret.Name != "" && probe.Spec.BearerTokenSecret.Key != "" { - if _, err := rs.store.GetSecretKey(ctx, probe.GetNamespace(), probe.Spec.BearerTokenSecret); err != nil { + if probe.Spec.BearerTokenSecret != nil { //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. + if _, err := rs.store.GetSecretKey(ctx, probe.GetNamespace(), *probe.Spec.BearerTokenSecret); err != nil { //nolint:staticcheck // Ignore SA1019 this field is marked as deprecated. return fmt.Errorf("bearerTokenSecret: %w", err) } } diff --git a/pkg/prometheus/resource_selector_test.go b/pkg/prometheus/resource_selector_test.go index b492366b3..d2bf905b5 100644 --- a/pkg/prometheus/resource_selector_test.go +++ b/pkg/prometheus/resource_selector_test.go @@ -1613,7 +1613,7 @@ func TestSelectPodMonitors(t *testing.T) { scenario: "valid proxy config", updateSpec: func(pm *monitoringv1.PodMonitorSpec) { pm.PodMetricsEndpoints = append(pm.PodMetricsEndpoints, monitoringv1.PodMetricsEndpoint{ - HTTPConfig: monitoringv1.HTTPConfig{ + HTTPConfigWithProxy: monitoringv1.HTTPConfigWithProxy{ ProxyConfig: monitoringv1.ProxyConfig{ ProxyURL: ptr.To("http://no-proxy.com"), NoProxy: ptr.To("0.0.0.0"), @@ -1638,7 +1638,7 @@ func TestSelectPodMonitors(t *testing.T) { scenario: "invalid proxy config with invalid secret key", updateSpec: func(pm *monitoringv1.PodMonitorSpec) { pm.PodMetricsEndpoints = append(pm.PodMetricsEndpoints, monitoringv1.PodMetricsEndpoint{ - HTTPConfig: monitoringv1.HTTPConfig{ + HTTPConfigWithProxy: monitoringv1.HTTPConfigWithProxy{ ProxyConfig: monitoringv1.ProxyConfig{ ProxyURL: ptr.To("http://no-proxy.com"), NoProxy: ptr.To("0.0.0.0"), @@ -1663,7 +1663,7 @@ func TestSelectPodMonitors(t *testing.T) { scenario: "invalid proxy config due to invalid proxy url", updateSpec: func(pm *monitoringv1.PodMonitorSpec) { pm.PodMetricsEndpoints = append(pm.PodMetricsEndpoints, monitoringv1.PodMetricsEndpoint{ - HTTPConfig: monitoringv1.HTTPConfig{ + HTTPConfigWithProxy: monitoringv1.HTTPConfigWithProxy{ ProxyConfig: monitoringv1.ProxyConfig{ ProxyURL: ptr.To("http://xxx-${dev}.svc.cluster.local:80"), NoProxy: ptr.To("0.0.0.0"), @@ -1688,7 +1688,7 @@ func TestSelectPodMonitors(t *testing.T) { scenario: "invalid proxy config with noProxy defined but proxy from environment set to true", updateSpec: func(pm *monitoringv1.PodMonitorSpec) { pm.PodMetricsEndpoints = append(pm.PodMetricsEndpoints, monitoringv1.PodMetricsEndpoint{ - HTTPConfig: monitoringv1.HTTPConfig{ + HTTPConfigWithProxy: monitoringv1.HTTPConfigWithProxy{ ProxyConfig: monitoringv1.ProxyConfig{ NoProxy: ptr.To("0.0.0.0"), ProxyFromEnvironment: ptr.To(true), @@ -1712,7 +1712,7 @@ func TestSelectPodMonitors(t *testing.T) { scenario: "invalid proxy config with proxy url defined but proxy from environment set to true", updateSpec: func(pm *monitoringv1.PodMonitorSpec) { pm.PodMetricsEndpoints = append(pm.PodMetricsEndpoints, monitoringv1.PodMetricsEndpoint{ - HTTPConfig: monitoringv1.HTTPConfig{ + HTTPConfigWithProxy: monitoringv1.HTTPConfigWithProxy{ ProxyConfig: monitoringv1.ProxyConfig{ ProxyURL: ptr.To("http://no-proxy.com"), ProxyFromEnvironment: ptr.To(true), @@ -1736,7 +1736,7 @@ func TestSelectPodMonitors(t *testing.T) { scenario: "invalid proxy config only with proxy connect header defined", updateSpec: func(pm *monitoringv1.PodMonitorSpec) { pm.PodMetricsEndpoints = append(pm.PodMetricsEndpoints, monitoringv1.PodMetricsEndpoint{ - HTTPConfig: monitoringv1.HTTPConfig{ + HTTPConfigWithProxy: monitoringv1.HTTPConfigWithProxy{ ProxyConfig: monitoringv1.ProxyConfig{ ProxyConnectHeader: map[string][]v1.SecretKeySelector{ "header": { diff --git a/test/e2e/alertmanager_test.go b/test/e2e/alertmanager_test.go index ad0352f6e..61d2c51e2 100644 --- a/test/e2e/alertmanager_test.go +++ b/test/e2e/alertmanager_test.go @@ -1783,29 +1783,31 @@ func testUserDefinedAlertmanagerConfigFromCustomResource(t *testing.T) { RequireTLS: ptr.To(true), }, ResolveTimeout: "30s", - HTTPConfig: &monitoringv1.HTTPConfig{ - OAuth2: &monitoringv1.OAuth2{ - ClientID: monitoringv1.SecretOrConfigMap{ - ConfigMap: &v1.ConfigMapKeySelector{ + HTTPConfigWithProxy: &monitoringv1.HTTPConfigWithProxy{ + HTTPConfig: monitoringv1.HTTPConfig{ + OAuth2: &monitoringv1.OAuth2{ + ClientID: monitoringv1.SecretOrConfigMap{ + ConfigMap: &v1.ConfigMapKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "webhook-client-id", + }, + Key: "test", + }, + }, + ClientSecret: v1.SecretKeySelector{ LocalObjectReference: v1.LocalObjectReference{ - Name: "webhook-client-id", + Name: "webhook-client-secret", }, Key: "test", }, - }, - ClientSecret: v1.SecretKeySelector{ - LocalObjectReference: v1.LocalObjectReference{ - Name: "webhook-client-secret", + TokenURL: "https://test.com", + Scopes: []string{"any"}, + EndpointParams: map[string]string{ + "some": "value", }, - Key: "test", - }, - TokenURL: "https://test.com", - Scopes: []string{"any"}, - EndpointParams: map[string]string{ - "some": "value", }, + FollowRedirects: ptr.To(true), }, - FollowRedirects: ptr.To(true), }, }, Templates: []monitoringv1.SecretOrConfigMap{ diff --git a/test/e2e/prometheus_test.go b/test/e2e/prometheus_test.go index f9e7a9289..1ea6e9848 100644 --- a/test/e2e/prometheus_test.go +++ b/test/e2e/prometheus_test.go @@ -3500,19 +3500,21 @@ func testPromSecurePodMonitor(t *testing.T) { name: "basic-auth-secret", endpoint: monitoringv1.PodMetricsEndpoint{ Port: ptr.To("web"), - HTTPConfig: monitoringv1.HTTPConfig{ - BasicAuth: &monitoringv1.BasicAuth{ - Username: v1.SecretKeySelector{ - LocalObjectReference: v1.LocalObjectReference{ - Name: name, + HTTPConfigWithProxy: monitoringv1.HTTPConfigWithProxy{ + HTTPConfig: monitoringv1.HTTPConfig{ + BasicAuth: &monitoringv1.BasicAuth{ + Username: v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: name, + }, + Key: "user", }, - Key: "user", - }, - Password: v1.SecretKeySelector{ - LocalObjectReference: v1.LocalObjectReference{ - Name: name, + Password: v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: name, + }, + Key: "password", }, - Key: "password", }, }, }, @@ -3525,12 +3527,14 @@ func testPromSecurePodMonitor(t *testing.T) { name: "bearer-secret", endpoint: monitoringv1.PodMetricsEndpoint{ Port: ptr.To("web"), - HTTPConfig: monitoringv1.HTTPConfig{ - BearerTokenSecret: &v1.SecretKeySelector{ - LocalObjectReference: v1.LocalObjectReference{ - Name: name, + HTTPConfigWithProxy: monitoringv1.HTTPConfigWithProxy{ + HTTPConfig: monitoringv1.HTTPConfig{ + BearerTokenSecret: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: name, + }, + Key: "bearer-token", }, - Key: "bearer-token", }, }, Path: "/bearer-metrics", @@ -3544,31 +3548,33 @@ func testPromSecurePodMonitor(t *testing.T) { endpoint: monitoringv1.PodMetricsEndpoint{ Port: ptr.To("mtls"), Scheme: ptr.To(monitoringv1.SchemeHTTPS), - HTTPConfig: monitoringv1.HTTPConfig{ - TLSConfig: &monitoringv1.SafeTLSConfig{ - InsecureSkipVerify: ptr.To(true), - CA: monitoringv1.SecretOrConfigMap{ - Secret: &v1.SecretKeySelector{ + HTTPConfigWithProxy: monitoringv1.HTTPConfigWithProxy{ + HTTPConfig: monitoringv1.HTTPConfig{ + TLSConfig: &monitoringv1.SafeTLSConfig{ + InsecureSkipVerify: ptr.To(true), + CA: monitoringv1.SecretOrConfigMap{ + Secret: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: name, + }, + Key: "cert.pem", + }, + }, + Cert: monitoringv1.SecretOrConfigMap{ + Secret: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: name, + }, + Key: "cert.pem", + }, + }, + KeySecret: &v1.SecretKeySelector{ LocalObjectReference: v1.LocalObjectReference{ Name: name, }, - Key: "cert.pem", + Key: "key.pem", }, }, - Cert: monitoringv1.SecretOrConfigMap{ - Secret: &v1.SecretKeySelector{ - LocalObjectReference: v1.LocalObjectReference{ - Name: name, - }, - Key: "cert.pem", - }, - }, - KeySecret: &v1.SecretKeySelector{ - LocalObjectReference: v1.LocalObjectReference{ - Name: name, - }, - Key: "key.pem", - }, }, }, Path: "/", @@ -3579,31 +3585,33 @@ func testPromSecurePodMonitor(t *testing.T) { endpoint: monitoringv1.PodMetricsEndpoint{ Port: ptr.To("mtls"), Scheme: ptr.To(monitoringv1.SchemeHTTPS), - HTTPConfig: monitoringv1.HTTPConfig{ - TLSConfig: &monitoringv1.SafeTLSConfig{ - InsecureSkipVerify: ptr.To(true), - CA: monitoringv1.SecretOrConfigMap{ - ConfigMap: &v1.ConfigMapKeySelector{ + HTTPConfigWithProxy: monitoringv1.HTTPConfigWithProxy{ + HTTPConfig: monitoringv1.HTTPConfig{ + TLSConfig: &monitoringv1.SafeTLSConfig{ + InsecureSkipVerify: ptr.To(true), + CA: monitoringv1.SecretOrConfigMap{ + ConfigMap: &v1.ConfigMapKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: name, + }, + Key: "cert.pem", + }, + }, + Cert: monitoringv1.SecretOrConfigMap{ + ConfigMap: &v1.ConfigMapKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: name, + }, + Key: "cert.pem", + }, + }, + KeySecret: &v1.SecretKeySelector{ LocalObjectReference: v1.LocalObjectReference{ Name: name, }, - Key: "cert.pem", + Key: "key.pem", }, }, - Cert: monitoringv1.SecretOrConfigMap{ - ConfigMap: &v1.ConfigMapKeySelector{ - LocalObjectReference: v1.LocalObjectReference{ - Name: name, - }, - Key: "cert.pem", - }, - }, - KeySecret: &v1.SecretKeySelector{ - LocalObjectReference: v1.LocalObjectReference{ - Name: name, - }, - Key: "key.pem", - }, }, }, Path: "/",