From a9a97db5c6252918bc95f2bb92ef889585e69d68 Mon Sep 17 00:00:00 2001 
From: Jason Boxman
Date: Wed, 14 Jan 2026 20:02:22 -0500
Subject: [PATCH] Add OpenShift 4.21 APIs - https://issues.redhat.com/browse/OSDOCS-15078
---
 _topic_maps/_topic_map.yml | 4 +
 api-config.yaml | 7 +-
 ...utoscaler-autoscaling-openshift-io-v1.adoc | 4 +
 .../apiserver-config-openshift-io-v1.adoc | 10 +-
 ...authentication-config-openshift-io-v1.adoc | 961 +++++
 .../build-config-openshift-io-v1.adoc | 60 +-
 ...terimagepolicy-config-openshift-io-v1.adoc | 8 +-
 ...lusteroperator-config-openshift-io-v1.adoc | 7 +-
 ...clusterversion-config-openshift-io-v1.adoc | 40 +-
 rest_api/config_apis/config-apis-index.adoc | 7 +-
 .../imagepolicy-config-openshift-io-v1.adoc | 8 +-
 ...infrastructure-config-openshift-io-v1.adoc | 13 +-
 ...ation-admissionregistration-k8s-io-v1.adoc | 4 -
 ...agestreamimport-image-openshift-io-v1.adoc | 4 +-
 ...anemachineset-machine-openshift-io-v1.adoc | 5 +-
 .../machine-machine-openshift-io-v1beta1.adoc | 1 -
 ...-machineconfiguration-openshift-io-v1.adoc | 4 +
 ...chineset-machine-openshift-io-v1beta1.adoc | 1 -
 ...alertmanager-monitoring-coreos-com-v1.adoc | 1365 ++++---
 ...rconfig-monitoring-coreos-com-v1beta1.adoc | 3367 +++++++++--------
 .../podmonitor-monitoring-coreos-com-v1.adoc | 595 ++-
 .../probe-monitoring-coreos-com-v1.adoc | 565 ++-
 .../prometheus-monitoring-coreos-com-v1.adoc | 2194 ++++++-----
 ...ometheusrule-monitoring-coreos-com-v1.adoc | 307 +-
 ...rvicemonitor-monitoring-coreos-com-v1.adoc | 338 +-
 .../thanosruler-monitoring-coreos-com-v1.adoc | 1272 +++++--
 ...steruserdefinednetwork-k8s-ovn-org-v1.adoc | 32 +
 .../gateway-gateway-networking-k8s-io-v1.adoc | 28 +-
 ...rpcroute-gateway-networking-k8s-io-v1.adoc | 22 +-
 ...ttproute-gateway-networking-k8s-io-v1.adoc | 22 +-
 .../ipamclaim-k8s-cni-cncf-io-v1alpha1.adoc | 103 +
 .../networkpolicy-networking-k8s-io-v1.adoc | 4 +-
 .../userdefinednetwork-k8s-ovn-org-v1.adoc | 32 +
 rest_api/node_apis/node-v1.adoc | 2 +-
 rest_api/objects/index.adoc | 668 +++-
 .../dns-operator-openshift-io-v1.adoc | 492 ++-
 ...sscontroller-operator-openshift-io-v1.adoc | 16 +-
 ...onfiguration-operator-openshift-io-v1.adoc | 12 +-
 .../operator_apis/operator-apis-index.adoc | 13 +-
 ...gsource-operators-coreos-com-v1alpha1.adoc | 8 +-
 ...ercatalog-olm-operatorframework-io-v1.adoc | 12 +-
 ...extension-olm-operatorframework-io-v1.adoc | 54 +
 ...nrevision-olm-operatorframework-io-v1.adoc | 663 ++++
 ...version-operators-coreos-com-v1alpha1.adoc | 731 +++-
 .../operatorhub-apis-index.adoc | 11 +
 ...ription-operators-coreos-com-v1alpha1.adoc | 242 +-
 rest_api/overview/index.adoc | 4 +
 .../baremetalhost-metal3-io-v1alpha1.adoc | 6 +
 .../provisioning-metal3-io-v1alpha1.adoc | 65 +-
 ...tconstraints-security-openshift-io-v1.adoc | 16 +-
 .../csidriver-storage-k8s-io-v1.adoc | 4 +-
 .../storage_apis/persistentvolume-v1.adoc | 2 +-
 .../persistentvolumeclaim-v1.adoc | 4 +-
 rest_api/storage_apis/storage-apis-index.adoc | 11 +
 .../volumeattachment-storage-k8s-io-v1.adoc | 4 +-
 ...lumeattributesclass-storage-k8s-io-v1.adoc | 348 ++
 rest_api/template_apis/podtemplate-v1.adoc | 501 ++-
 ...lateinstance-template-openshift-io-v1.adoc | 10 +-
 .../build-build-openshift-io-v1.adoc | 36 +-
 .../buildconfig-build-openshift-io-v1.adoc | 34 +-
 .../buildrequest-build-openshift-io-v1.adoc | 4 +-
 rest_api/workloads_apis/cronjob-batch-v1.adoc | 8 +-
 .../workloads_apis/daemonset-apps-v1.adoc | 2 +-
 ...deploymentconfig-apps-openshift-io-v1.adoc | 14 +-
 rest_api/workloads_apis/job-batch-v1.adoc | 8 +-
 rest_api/workloads_apis/pod-v1.adoc | 597 ++-
 .../replicationcontroller-v1.adoc | 501 ++-
 67 files changed, 12139 insertions(+), 4358 deletions(-)
 create mode 100644 rest_api/operatorhub_apis/clusterextensionrevision-olm-operatorframework-io-v1.adoc
 create mode 100644 rest_api/storage_apis/volumeattributesclass-storage-k8s-io-v1.adoc
diff --git a/_topic_maps/_topic_map.yml b/_topic_maps/_topic_map.yml
index 547ab7b24d..74e3af3b59 100644
--- a/_topic_maps/_topic_map.yml
+++ b/_topic_maps/_topic_map.yml
@@ -4352,6 +4352,8 @@ Topics: File: clustercatalog-olm-operatorframework-io-v1 - Name: 'ClusterExtension [olm.operatorframework.io/v1]' File: clusterextension-olm-operatorframework-io-v1 + - Name: 'ClusterExtensionRevision [olm.operatorframework.io/v1]' + File: clusterextensionrevision-olm-operatorframework-io-v1 - Name: 'ClusterServiceVersion [operators.coreos.com/v1alpha1]' File: clusterserviceversion-operators-coreos-com-v1alpha1 - Name: 'InstallPlan [operators.coreos.com/v1alpha1]' @@ -4508,6 +4510,8 @@ Topics: File: storageversionmigration-migration-k8s-io-v1alpha1 - Name: 'VolumeAttachment [storage.k8s.io/v1]' File: volumeattachment-storage-k8s-io-v1 + - Name: 'VolumeAttributesClass [storage.k8s.io/v1]' + File: volumeattributesclass-storage-k8s-io-v1 - Name: 'VolumePopulator [populator.storage.k8s.io/v1beta1]' File: volumepopulator-populator-storage-k8s-io-v1beta1 - Name: 'VolumeSnapshot [snapshot.storage.k8s.io/v1]' diff --git a/api-config.yaml b/api-config.yaml index e6d77dca2c..359a805a9f 100644 --- a/api-config.yaml +++ b/api-config.yaml @@ -616,13 +616,15 @@ apiMap: - kind: CatalogSource group: operators.coreos.com version: v1alpha1 -# ERROR (objects/index.adoc): "xref:../operatorhub_apis/olm-operator-openshift-io-v1.adoc#olm-operator-openshift-io-v1[`array (OLM)`]" appears to try to reference a file not included in the "openshift-enterprise" distro - kind: ClusterCatalog group: olm.operatorframework.io version: v1 - kind: ClusterExtension group: olm.operatorframework.io version: v1 + - kind: ClusterExtensionRevision + group: olm.operatorframework.io + version: v1 - kind: ClusterServiceVersion group: operators.coreos.com version: v1alpha1 @@ -846,6 +848,9 @@ apiMap: - kind: VolumeAttachment group: storage.k8s.io version: v1 + - kind: VolumeAttributesClass + group: storage.k8s.io + version: v1 - kind: VolumePopulator group: populator.storage.k8s.io version: v1beta1 
diff --git a/rest_api/autoscale_apis/clusterautoscaler-autoscaling-openshift-io-v1.adoc b/rest_api/autoscale_apis/clusterautoscaler-autoscaling-openshift-io-v1.adoc index 7428898fc7..2c859b0390 100644 --- a/rest_api/autoscale_apis/clusterautoscaler-autoscaling-openshift-io-v1.adoc +++ b/rest_api/autoscale_apis/clusterautoscaler-autoscaling-openshift-io-v1.adoc @@ -311,6 +311,10 @@ Required:: |=== | Property | Type | Description +| `cordonNodeBeforeTerminating` +| `string` +| CordonNodeBeforeTerminating enables/disables cordoning nodes before terminating during scale down. + | `delayAfterAdd` | `string` | How long after scale up that scale down evaluation resumes diff --git a/rest_api/config_apis/apiserver-config-openshift-io-v1.adoc b/rest_api/config_apis/apiserver-config-openshift-io-v1.adoc index ccd034c641..8a18509541 100644 --- a/rest_api/config_apis/apiserver-config-openshift-io-v1.adoc +++ b/rest_api/config_apis/apiserver-config-openshift-io-v1.adoc @@ -102,9 +102,8 @@ will be used for serving secure traffic. | `object` | tlsSecurityProfile specifies settings for TLS connections for externally exposed servers. -If unset, a default (which may change between releases) is chosen. Note that only Old, -Intermediate and Custom profiles are currently supported, and the maximum available -minTLSVersion is VersionTLS12. +When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. +The current default is the Intermediate profile. |=== === .spec.audit 
@@ -387,9 +386,8 @@ Description:: -- tlsSecurityProfile specifies settings for TLS connections for externally exposed servers. -If unset, a default (which may change between releases) is chosen. Note that only Old, -Intermediate and Custom profiles are currently supported, and the maximum available -minTLSVersion is VersionTLS12. +When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. +The current default is the Intermediate profile. -- Type:: diff --git a/rest_api/config_apis/authentication-config-openshift-io-v1.adoc b/rest_api/config_apis/authentication-config-openshift-io-v1.adoc index 1da2388d9d..80aef2ef1e 100644 --- a/rest_api/config_apis/authentication-config-openshift-io-v1.adoc +++ b/rest_api/config_apis/authentication-config-openshift-io-v1.adoc @@ -83,6 +83,18 @@ If specified and the config map or expected key is not found, no metadata is ser If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config. +| `oidcProviders` +| `array` +| oidcProviders are OIDC identity providers that can issue tokens +for this cluster +Can only be set if "Type" is set to "OIDC". + +At most one provider can be configured. + +| `oidcProviders[]` +| `object` +| + | `serviceAccountIssuer` | `string` | serviceAccountIssuer is the identifier of the bound service account token 
@@ -153,6 +165,725 @@ Required:: | `string` | name is the metadata.name of the referenced config map +|=== +=== .spec.oidcProviders +Description:: ++ +-- +oidcProviders are OIDC identity providers that can issue tokens +for this cluster +Can only be set if "Type" is set to "OIDC". + +At most one provider can be configured. +-- + +Type:: + `array` + + + + +=== .spec.oidcProviders[] +Description:: ++ +-- + +-- + +Type:: + `object` + +Required:: + - `claimMappings` + - `issuer` + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `claimMappings` +| `object` +| claimMappings is a required field that configures the rules to be used by +the Kubernetes API server for translating claims in a JWT token, issued +by the identity provider, to a cluster identity. + +| `claimValidationRules` +| `array` +| claimValidationRules is an optional field that configures the rules to +be used by the Kubernetes API server for validating the claims in a JWT +token issued by the identity provider. + +Validation rules are joined via an AND operation. + +| `claimValidationRules[]` +| `object` +| + +| `issuer` +| `object` +| issuer is a required field that configures how the platform interacts +with the identity provider and how tokens issued from the identity provider +are evaluated by the Kubernetes API server. + +| `name` +| `string` +| name is a required field that configures the unique human-readable identifier +associated with the identity provider. +It is used to distinguish between multiple identity providers +and has no impact on token validation or authentication mechanics. + +name must not be an empty string (""). + +| `oidcClients` +| `array` +| oidcClients is an optional field that configures how on-cluster, +platform clients should request tokens from the identity provider. +oidcClients must not exceed 20 entries and entries must have unique namespace/name pairs. 
+ +| `oidcClients[]` +| `object` +| OIDCClientConfig configures how platform clients +interact with identity providers as an authentication +method + +|=== +=== .spec.oidcProviders[].claimMappings +Description:: ++ +-- +claimMappings is a required field that configures the rules to be used by +the Kubernetes API server for translating claims in a JWT token, issued +by the identity provider, to a cluster identity. +-- + +Type:: + `object` + +Required:: + - `username` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `extra` +| `array` +| extra is an optional field for configuring the mappings +used to construct the extra attribute for the cluster identity. +When omitted, no extra attributes will be present on the cluster identity. +key values for extra mappings must be unique. +A maximum of 32 extra attribute mappings may be provided. + +| `extra[]` +| `object` +| ExtraMapping allows specifying a key and CEL expression +to evaluate the keys' value. It is used to create additional +mappings and attributes added to a cluster identity from +a provided authentication token. + +| `groups` +| `object` +| groups is an optional field that configures how the groups of a cluster identity +should be constructed from the claims in a JWT token issued +by the identity provider. +When referencing a claim, if the claim is present in the JWT +token, its value must be a list of groups separated by a comma (','). +For example - '"example"' and '"exampleOne", "exampleTwo", "exampleThree"' are valid claim values. + +| `uid` +| `object` +| uid is an optional field for configuring the claim mapping +used to construct the uid for the cluster identity. + +When using uid.claim to specify the claim it must be a single string value. +When using uid.expression the expression must result in a single string value. + +When omitted, this means the user has no opinion and the platform +is left to choose a default, which is subject to change over time. 
+The current default is to use the 'sub' claim. + +| `username` +| `object` +| username is a required field that configures how the username of a cluster identity +should be constructed from the claims in a JWT token issued by the identity provider. + +|=== +=== .spec.oidcProviders[].claimMappings.extra +Description:: ++ +-- +extra is an optional field for configuring the mappings +used to construct the extra attribute for the cluster identity. +When omitted, no extra attributes will be present on the cluster identity. +key values for extra mappings must be unique. +A maximum of 32 extra attribute mappings may be provided. +-- + +Type:: + `array` + + + + +=== .spec.oidcProviders[].claimMappings.extra[] +Description:: ++ +-- +ExtraMapping allows specifying a key and CEL expression +to evaluate the keys' value. It is used to create additional +mappings and attributes added to a cluster identity from +a provided authentication token. +-- + +Type:: + `object` + +Required:: + - `key` + - `valueExpression` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `key` +| `string` +| key is a required field that specifies the string +to use as the extra attribute key. + +key must be a domain-prefix path (e.g 'example.org/foo'). +key must not exceed 510 characters in length. +key must contain the '/' character, separating the domain and path characters. +key must not be empty. + +The domain portion of the key (string of characters prior to the '/') must be a valid RFC1123 subdomain. +It must not exceed 253 characters in length. +It must start and end with an alphanumeric character. +It must only contain lower case alphanumeric characters and '-' or '.'. +It must not use the reserved domains, or be subdomains of, "kubernetes.io", "k8s.io", and "openshift.io". 
+ +The path portion of the key (string of characters after the '/') must not be empty and must consist of at least one +alphanumeric character, percent-encoded octets, '-', '.', '_', '~', '!', '$', '&', ''', '(', ')', '*', '+', ',', ';', '=', and ':'. +It must not exceed 256 characters in length. + +| `valueExpression` +| `string` +| valueExpression is a required field to specify the CEL expression to extract +the extra attribute value from a JWT token's claims. +valueExpression must produce a string or string array value. +"", [], and null are treated as the extra mapping not being present. +Empty string values within an array are filtered out. + +CEL expressions have access to the token claims +through a CEL variable, 'claims'. +'claims' is a map of claim names to claim values. +For example, the 'sub' claim value can be accessed as 'claims.sub'. +Nested claims can be accessed using dot notation ('claims.foo.bar'). + +valueExpression must not exceed 1024 characters in length. +valueExpression must not be empty. + +|=== +=== .spec.oidcProviders[].claimMappings.groups +Description:: ++ +-- +groups is an optional field that configures how the groups of a cluster identity +should be constructed from the claims in a JWT token issued +by the identity provider. +When referencing a claim, if the claim is present in the JWT +token, its value must be a list of groups separated by a comma (','). +For example - '"example"' and '"exampleOne", "exampleTwo", "exampleThree"' are valid claim values. +-- + +Type:: + `object` + +Required:: + - `claim` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `claim` +| `string` +| claim is a required field that configures the JWT token +claim whose value is assigned to the cluster identity +field associated with this mapping. 
+ +| `prefix` +| `string` +| prefix is an optional field that configures the prefix that will be +applied to the cluster identity attribute during the process of mapping +JWT claims to cluster identity attributes. + +When omitted (""), no prefix is applied to the cluster identity attribute. + +Example: if `prefix` is set to "myoidc:" and the `claim` in JWT contains +an array of strings "a", "b" and "c", the mapping will result in an +array of string "myoidc:a", "myoidc:b" and "myoidc:c". + +|=== +=== .spec.oidcProviders[].claimMappings.uid +Description:: ++ +-- +uid is an optional field for configuring the claim mapping +used to construct the uid for the cluster identity. + +When using uid.claim to specify the claim it must be a single string value. +When using uid.expression the expression must result in a single string value. + +When omitted, this means the user has no opinion and the platform +is left to choose a default, which is subject to change over time. +The current default is to use the 'sub' claim. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `claim` +| `string` +| claim is an optional field for specifying the +JWT token claim that is used in the mapping. +The value of this claim will be assigned to +the field in which this mapping is associated. + +Precisely one of claim or expression must be set. +claim must not be specified when expression is set. +When specified, claim must be at least 1 character in length +and must not exceed 256 characters in length. + +| `expression` +| `string` +| expression is an optional field for specifying a +CEL expression that produces a string value from +JWT token claims. + +CEL expressions have access to the token claims +through a CEL variable, 'claims'. +'claims' is a map of claim names to claim values. +For example, the 'sub' claim value can be accessed as 'claims.sub'. +Nested claims can be accessed using dot notation ('claims.foo.bar'). 
+ +Precisely one of claim or expression must be set. +expression must not be specified when claim is set. +When specified, expression must be at least 1 character in length +and must not exceed 1024 characters in length. + +|=== +=== .spec.oidcProviders[].claimMappings.username +Description:: ++ +-- +username is a required field that configures how the username of a cluster identity +should be constructed from the claims in a JWT token issued by the identity provider. +-- + +Type:: + `object` + +Required:: + - `claim` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `claim` +| `string` +| claim is a required field that configures the JWT token +claim whose value is assigned to the cluster identity +field associated with this mapping. + +claim must not be an empty string ("") and must not exceed 256 characters. + +| `prefix` +| `object` +| prefix configures the prefix that should be prepended to the value +of the JWT claim. + +prefix must be set when prefixPolicy is set to 'Prefix' and must be unset otherwise. + +| `prefixPolicy` +| `string` +| prefixPolicy is an optional field that configures how a prefix should be +applied to the value of the JWT claim specified in the 'claim' field. + +Allowed values are 'Prefix', 'NoPrefix', and omitted (not provided or an empty string). + +When set to 'Prefix', the value specified in the prefix field will be +prepended to the value of the JWT claim. +The prefix field must be set when prefixPolicy is 'Prefix'. + +When set to 'NoPrefix', no prefix will be prepended to the value +of the JWT claim. + +When omitted, this means no opinion and the platform is left to choose +any prefixes that are applied which is subject to change over time. +Currently, the platform prepends `{issuerURL}#` to the value of the JWT claim +when the claim is not 'email'. 
+As an example, consider the following scenario: + `prefix` is unset, `issuerURL` is set to `https://myoidc.tld`, + the JWT claims include "username":"userA" and "email":"userA@myoidc.tld", + and `claim` is set to: + - "username": the mapped value will be "https://myoidc.tld#userA" + - "email": the mapped value will be "userA@myoidc.tld" + +|=== +=== .spec.oidcProviders[].claimMappings.username.prefix +Description:: ++ +-- +prefix configures the prefix that should be prepended to the value +of the JWT claim. + +prefix must be set when prefixPolicy is set to 'Prefix' and must be unset otherwise. +-- + +Type:: + `object` + +Required:: + - `prefixString` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `prefixString` +| `string` +| prefixString is a required field that configures the prefix that will +be applied to cluster identity username attribute +during the process of mapping JWT claims to cluster identity attributes. + +prefixString must not be an empty string (""). + +|=== +=== .spec.oidcProviders[].claimValidationRules +Description:: ++ +-- +claimValidationRules is an optional field that configures the rules to +be used by the Kubernetes API server for validating the claims in a JWT +token issued by the identity provider. + +Validation rules are joined via an AND operation. +-- + +Type:: + `array` + + + + +=== .spec.oidcProviders[].claimValidationRules[] +Description:: ++ +-- + +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `requiredClaim` +| `object` +| requiredClaim is an optional field that configures the required claim +and value that the Kubernetes API server will use to validate if an incoming +JWT is valid for this identity provider. + +| `type` +| `string` +| type is an optional field that configures the type of the validation rule. + +Allowed values are 'RequiredClaim' and omitted (not provided or an empty string). 
+ +When set to 'RequiredClaim', the Kubernetes API server +will be configured to validate that the incoming JWT +contains the required claim and that its value matches +the required value. + +Defaults to 'RequiredClaim'. + +|=== +=== .spec.oidcProviders[].claimValidationRules[].requiredClaim +Description:: ++ +-- +requiredClaim is an optional field that configures the required claim +and value that the Kubernetes API server will use to validate if an incoming +JWT is valid for this identity provider. +-- + +Type:: + `object` + +Required:: + - `claim` + - `requiredValue` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `claim` +| `string` +| claim is a required field that configures the name of the required claim. +When taken from the JWT claims, claim must be a string value. + +claim must not be an empty string (""). + +| `requiredValue` +| `string` +| requiredValue is a required field that configures the value that 'claim' must +have when taken from the incoming JWT claims. +If the value in the JWT claims does not match, the token +will be rejected for authentication. + +requiredValue must not be an empty string (""). + +|=== +=== .spec.oidcProviders[].issuer +Description:: ++ +-- +issuer is a required field that configures how the platform interacts +with the identity provider and how tokens issued from the identity provider +are evaluated by the Kubernetes API server. +-- + +Type:: + `object` + +Required:: + - `audiences` + - `issuerURL` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `audiences` +| `array (string)` +| audiences is a required field that configures the acceptable audiences +the JWT token, issued by the identity provider, must be issued to. +At least one of the entries must match the 'aud' claim in the JWT token. + +audiences must contain at least one entry and must not exceed ten entries. 
+ +| `issuerCertificateAuthority` +| `object` +| issuerCertificateAuthority is an optional field that configures the +certificate authority, used by the Kubernetes API server, to validate +the connection to the identity provider when fetching discovery information. + +When not specified, the system trust is used. + +When specified, it must reference a ConfigMap in the openshift-config +namespace containing the PEM-encoded CA certificates under the 'ca-bundle.crt' +key in the data field of the ConfigMap. + +| `issuerURL` +| `string` +| issuerURL is a required field that configures the URL used to issue tokens +by the identity provider. +The Kubernetes API server determines how authentication tokens should be handled +by matching the 'iss' claim in the JWT to the issuerURL of configured identity providers. + +Must be at least 1 character and must not exceed 512 characters in length. +Must be a valid URL that uses the 'https' scheme and does not contain a query, fragment or user. + +|=== +=== .spec.oidcProviders[].issuer.issuerCertificateAuthority +Description:: ++ +-- +issuerCertificateAuthority is an optional field that configures the +certificate authority, used by the Kubernetes API server, to validate +the connection to the identity provider when fetching discovery information. + +When not specified, the system trust is used. + +When specified, it must reference a ConfigMap in the openshift-config +namespace containing the PEM-encoded CA certificates under the 'ca-bundle.crt' +key in the data field of the ConfigMap. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| name is the metadata.name of the referenced config map + +|=== +=== .spec.oidcProviders[].oidcClients +Description:: ++ +-- +oidcClients is an optional field that configures how on-cluster, +platform clients should request tokens from the identity provider. 
+oidcClients must not exceed 20 entries and entries must have unique namespace/name pairs. +-- + +Type:: + `array` + + + + +=== .spec.oidcProviders[].oidcClients[] +Description:: ++ +-- +OIDCClientConfig configures how platform clients +interact with identity providers as an authentication +method +-- + +Type:: + `object` + +Required:: + - `clientID` + - `componentName` + - `componentNamespace` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `clientID` +| `string` +| clientID is a required field that configures the client identifier, from +the identity provider, that the platform component uses for authentication +requests made to the identity provider. +The identity provider must accept this identifier for platform components +to be able to use the identity provider as an authentication mode. + +clientID must not be an empty string (""). + +| `clientSecret` +| `object` +| clientSecret is an optional field that configures the client secret used +by the platform component when making authentication requests to the identity provider. + +When not specified, no client secret will be used when making authentication requests +to the identity provider. + +When specified, clientSecret references a Secret in the 'openshift-config' +namespace that contains the client secret in the 'clientSecret' key of the '.data' field. +The client secret will be used when making authentication requests to the identity provider. + +Public clients do not require a client secret but private +clients do require a client secret to work with the identity provider. + +| `componentName` +| `string` +| componentName is a required field that specifies the name of the platform +component being configured to use the identity provider as an authentication mode. +It is used in combination with componentNamespace as a unique identifier. + +componentName must not be an empty string ("") and must not exceed 256 characters in length. 
+ +| `componentNamespace` +| `string` +| componentNamespace is a required field that specifies the namespace in which the +platform component being configured to use the identity provider as an authentication +mode is running. +It is used in combination with componentName as a unique identifier. + +componentNamespace must not be an empty string ("") and must not exceed 63 characters in length. + +| `extraScopes` +| `array (string)` +| extraScopes is an optional field that configures the extra scopes that should +be requested by the platform component when making authentication requests to the +identity provider. +This is useful if you have configured claim mappings that requires specific +scopes to be requested beyond the standard OIDC scopes. + +When omitted, no additional scopes are requested. + +|=== +=== .spec.oidcProviders[].oidcClients[].clientSecret +Description:: ++ +-- +clientSecret is an optional field that configures the client secret used +by the platform component when making authentication requests to the identity provider. + +When not specified, no client secret will be used when making authentication requests +to the identity provider. + +When specified, clientSecret references a Secret in the 'openshift-config' +namespace that contains the client secret in the 'clientSecret' key of the '.data' field. +The client secret will be used when making authentication requests to the identity provider. + +Public clients do not require a client secret but private +clients do require a client secret to work with the identity provider. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| name is the metadata.name of the referenced secret + |=== === .spec.webhookTokenAuthenticator Description:: 
@@ -332,6 +1063,17 @@ If the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config-managed. +| `oidcClients` +| `array` +| oidcClients is where participating operators place the current OIDC client status +for OIDC clients that can be customized by the cluster-admin. + +| `oidcClients[]` +| `object` +| OIDCClientStatus represents the current state +of platform components and how they interact with +the configured identity providers. + |=== === .status.integratedOAuthMetadata Description:: 
@@ -368,6 +1110,225 @@ Required:: | `string` | name is the metadata.name of the referenced config map +|=== +=== .status.oidcClients +Description:: ++ +-- +oidcClients is where participating operators place the current OIDC client status +for OIDC clients that can be customized by the cluster-admin. +-- + +Type:: + `array` + + + + +=== .status.oidcClients[] +Description:: ++ +-- +OIDCClientStatus represents the current state +of platform components and how they interact with +the configured identity providers. +-- + +Type:: + `object` + +Required:: + - `componentName` + - `componentNamespace` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `componentName` +| `string` +| componentName is a required field that specifies the name of the platform +component using the identity provider as an authentication mode. +It is used in combination with componentNamespace as a unique identifier. + +componentName must not be an empty string ("") and must not exceed 256 characters in length. + +| `componentNamespace` +| `string` +| componentNamespace is a required field that specifies the namespace in which the +platform component using the identity provider as an authentication +mode is running. +It is used in combination with componentName as a unique identifier. + +componentNamespace must not be an empty string ("") and must not exceed 63 characters in length. + +| `conditions` +| `array` +| conditions are used to communicate the state of the `oidcClients` entry. + +Supported conditions include Available, Degraded and Progressing. + +If Available is true, the component is successfully using the configured client. +If Degraded is true, that means something has gone wrong trying to handle the client configuration. +If Progressing is true, that means the component is taking some action related to the `oidcClients` entry. + +| `conditions[]` +| `object` +| Condition contains details for one aspect of the current state of this API Resource. 
+ +| `consumingUsers` +| `array (string)` +| consumingUsers is an optional list of ServiceAccounts requiring +read permissions on the `clientSecret` secret. + +consumingUsers must not exceed 5 entries. + +| `currentOIDCClients` +| `array` +| currentOIDCClients is an optional list of clients that the component is currently using. +Entries must have unique issuerURL/clientID pairs. + +| `currentOIDCClients[]` +| `object` +| OIDCClientReference is a reference to a platform component +client configuration. + +|=== +=== .status.oidcClients[].conditions +Description:: ++ +-- +conditions are used to communicate the state of the `oidcClients` entry. + +Supported conditions include Available, Degraded and Progressing. + +If Available is true, the component is successfully using the configured client. +If Degraded is true, that means something has gone wrong trying to handle the client configuration. +If Progressing is true, that means the component is taking some action related to the `oidcClients` entry. +-- + +Type:: + `array` + + + + +=== .status.oidcClients[].conditions[] +Description:: ++ +-- +Condition contains details for one aspect of the current state of this API Resource. +-- + +Type:: + `object` + +Required:: + - `lastTransitionTime` + - `message` + - `reason` + - `status` + - `type` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `lastTransitionTime` +| `string` +| lastTransitionTime is the last time the condition transitioned from one status to another. +This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + +| `message` +| `string` +| message is a human readable message indicating details about the transition. +This may be an empty string. + +| `observedGeneration` +| `integer` +| observedGeneration represents the .metadata.generation that the condition was set based upon. 
+For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date +with respect to the current state of the instance. + +| `reason` +| `string` +| reason contains a programmatic identifier indicating the reason for the condition's last transition. +Producers of specific condition types may define expected values and meanings for this field, +and whether the values are considered a guaranteed API. +The value should be a CamelCase string. +This field may not be empty. + +| `status` +| `string` +| status of the condition, one of True, False, Unknown. + +| `type` +| `string` +| type of condition in CamelCase or in foo.example.com/CamelCase. + +|=== +=== .status.oidcClients[].currentOIDCClients +Description:: ++ +-- +currentOIDCClients is an optional list of clients that the component is currently using. +Entries must have unique issuerURL/clientID pairs. +-- + +Type:: + `array` + + + + +=== .status.oidcClients[].currentOIDCClients[] +Description:: ++ +-- +OIDCClientReference is a reference to a platform component +client configuration. +-- + +Type:: + `object` + +Required:: + - `clientID` + - `issuerURL` + - `oidcProviderName` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `clientID` +| `string` +| clientID is a required field that specifies the client identifier, from +the identity provider, that the platform component is using for authentication +requests made to the identity provider. + +clientID must not be empty. + +| `issuerURL` +| `string` +| issuerURL is a required field that specifies the URL of the identity +provider that this client is configured to make requests against. + +issuerURL must use the 'https' scheme. + +| `oidcProviderName` +| `string` +| oidcProviderName is a required reference to the 'name' of the identity provider +configured in 'oidcProviders' that this client is associated with. + +oidcProviderName must not be an empty string (""). 
+ |=== == API endpoints diff --git a/rest_api/config_apis/build-config-openshift-io-v1.adoc b/rest_api/config_apis/build-config-openshift-io-v1.adoc index 7166b1ebe6..f072a84134 100644 --- a/rest_api/config_apis/build-config-openshift-io-v1.adoc +++ b/rest_api/config_apis/build-config-openshift-io-v1.adoc @@ -315,7 +315,8 @@ Required:: | `name` | `string` -| Name of the environment variable. Must be a C_IDENTIFIER. +| Name of the environment variable. +May consist of any printable ASCII characters except '='. | `value` | `string` @@ -360,6 +361,11 @@ Type:: | Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +| `fileKeyRef` +| `object` +| FileKeyRef selects a key of the env file. +Requires the EnvFiles feature gate to be enabled. + | `resourceFieldRef` | `object` | Selects a resource of the container: only resources limits and requests 
@@ -434,6 +440,54 @@ Required:: | `string` | Path of the field to select in the specified API version. +|=== +=== .spec.buildDefaults.env[].valueFrom.fileKeyRef +Description:: ++ +-- +FileKeyRef selects a key of the env file. +Requires the EnvFiles feature gate to be enabled. +-- + +Type:: + `object` + +Required:: + - `key` + - `path` + - `volumeName` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `key` +| `string` +| The key within the env file. An invalid key will prevent the pod from starting. +The keys defined within a source may consist of any printable ASCII characters except '='. +During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + +| `optional` +| `boolean` +| Specify whether the file or its key must be defined. If the file or key +does not exist, then the env var is not published. +If optional is set to true and the specified key does not exist, +the environment variable will not be set in the Pod's containers. + +If optional is set to false and the specified key does not exist, +an error will be returned during Pod creation. + +| `path` +| `string` +| The path within the volume from which to select the file. +Must be relative and may not contain the '..' path or start with '..'. + +| `volumeName` +| `string` +| The name of the volume mount containing the env file. + |=== === .spec.buildDefaults.env[].valueFrom.resourceFieldRef Description:: @@ -677,7 +731,7 @@ Type:: | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. 
@@ -706,7 +760,7 @@ Description:: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. diff --git a/rest_api/config_apis/clusterimagepolicy-config-openshift-io-v1.adoc b/rest_api/config_apis/clusterimagepolicy-config-openshift-io-v1.adoc index 1d32cf7f3e..d59f32df2c 100644 --- a/rest_api/config_apis/clusterimagepolicy-config-openshift-io-v1.adoc +++ b/rest_api/config_apis/clusterimagepolicy-config-openshift-io-v1.adoc 
@@ -80,7 +80,7 @@ images not matching the verification policy will be treated. | scopes is a required field that defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the "Docker Registry HTTP API V2". Scopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest). More general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository -namespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `\*.`, for matching all subdomains (not including a port number). +namespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number). Wildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not. This support no more than 256 scopes in one object. If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored. In addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories @@ -554,7 +554,7 @@ Description:: | Parameter | Type | Description | `body` | xref:../config_apis/clusterimagepolicy-config-openshift-io-v1.adoc#clusterimagepolicy-config-openshift-io-v1[`ClusterImagePolicy`] schema -| +| |=== .HTTP responses @@ -687,7 +687,7 @@ Description:: | Parameter | Type | Description | `body` | xref:../config_apis/clusterimagepolicy-config-openshift-io-v1.adoc#clusterimagepolicy-config-openshift-io-v1[`ClusterImagePolicy`] schema -| +| |=== .HTTP responses 
@@ -789,7 +789,7 @@ Description:: | Parameter | Type | Description | `body` | xref:../config_apis/clusterimagepolicy-config-openshift-io-v1.adoc#clusterimagepolicy-config-openshift-io-v1[`ClusterImagePolicy`] schema -| +| |=== .HTTP responses diff --git a/rest_api/config_apis/clusteroperator-config-openshift-io-v1.adoc b/rest_api/config_apis/clusteroperator-config-openshift-io-v1.adoc index 860ee17c77..6915d03480 100644 --- a/rest_api/config_apis/clusteroperator-config-openshift-io-v1.adoc +++ b/rest_api/config_apis/clusteroperator-config-openshift-io-v1.adoc @@ -11,10 +11,9 @@ toc::[] Description:: + -- -ClusterOperator is the Custom Resource object which holds the current state -of an operator. This object is used by operators to convey their state to -the rest of the cluster. - +ClusterOperator holds the status of a core or optional OpenShift component +managed by the Cluster Version Operator (CVO). This object is used by +operators to convey their state to the rest of the cluster. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). -- diff --git a/rest_api/config_apis/clusterversion-config-openshift-io-v1.adoc b/rest_api/config_apis/clusterversion-config-openshift-io-v1.adoc index 64c670a650..d2f3adbd04 100644 --- a/rest_api/config_apis/clusterversion-config-openshift-io-v1.adoc +++ b/rest_api/config_apis/clusterversion-config-openshift-io-v1.adoc @@ -81,8 +81,8 @@ empty object; see the child properties for default semantics. | `channel` | `string` -| channel is an identifier for explicitly requesting that a non-default -set of updates be applied to this cluster. The default channel will be +| channel is an identifier for explicitly requesting a non-default set +of updates to be applied to this cluster. The default channel will contain stable updates that are appropriate for production clusters. | `clusterID` 
@@ -102,7 +102,7 @@ to fail. Some of the fields are inter-related with restrictions and meanings described here. 1. image is specified, version is specified, architecture is specified. API validation error. -2. image is specified, version is specified, architecture is not specified. You should not do this. version is silently ignored and image is used. +2. image is specified, version is specified, architecture is not specified. The version extracted from the referenced image must match the specified version. 3. image is specified, version is not specified, architecture is specified. API validation error. 4. image is specified, version is not specified, architecture is not specified. image is used. 5. image is not specified, version is specified, architecture is specified. version and desired architecture are used to select an image. @@ -112,8 +112,10 @@ Some of the fields are inter-related with restrictions and meanings described he If an upgrade fails the operator will halt and report status about the failing component. Setting the desired update value back to -the previous version will cause a rollback to be attempted. Not all -rollbacks will succeed. +the previous version will cause a rollback to be attempted if the +previous version is within the current minor version. Not all +rollbacks will succeed, and some may unrecoverably break the +cluster. | `overrides` | `array` 
@@ -179,7 +181,7 @@ to fail. Some of the fields are inter-related with restrictions and meanings described here. 1. image is specified, version is specified, architecture is specified. API validation error. -2. image is specified, version is specified, architecture is not specified. You should not do this. version is silently ignored and image is used. +2. image is specified, version is specified, architecture is not specified. The version extracted from the referenced image must match the specified version. 3. image is specified, version is not specified, architecture is specified. API validation error. 4. image is specified, version is not specified, architecture is not specified. image is used. 5. image is not specified, version is specified, architecture is specified. version and desired architecture are used to select an image. @@ -189,8 +191,10 @@ Some of the fields are inter-related with restrictions and meanings described he If an upgrade fails the operator will halt and report status about the failing component. Setting the desired update value back to -the previous version will cause a rollback to be attempted. Not all -rollbacks will succeed. +the previous version will cause a rollback to be attempted if the +previous version is within the current minor version. Not all +rollbacks will succeed, and some may unrecoverably break the +cluster. -- Type:: 
@@ -217,24 +221,28 @@ Valid values are 'Multi' and empty. | `force` | `boolean` | force allows an administrator to update to an image that has failed -verification or upgradeable checks. This option should only -be used when the authenticity of the provided image has been verified out -of band because the provided image will run with full administrative access -to the cluster. Do not use this flag with images that comes from unknown +verification or upgradeable checks that are designed to keep your +cluster safe. Only use this if: +* you are testing unsigned release images in short-lived test clusters or +* you are working around a known bug in the cluster-version + operator and you have verified the authenticity of the provided + image yourself. +The provided image will run with full administrative access +to the cluster. Do not use this flag with images that come from unknown or potentially malicious sources. | `image` | `string` | image is a container image location that contains the update. image should be used when the desired version does not exist in availableUpdates or history. -When image is set, version is ignored. When image is set, version should be empty. When image is set, architecture cannot be specified. +If both version and image are set, the version extracted from the referenced image must match the specified version. | `version` | `string` | version is a semantic version identifying the update version. -version is ignored if image is specified and required if -architecture is specified. +version is required if architecture is specified. +If both version and image are set, the version extracted from the referenced image must match the specified version. |=== === .spec.overrides 
@@ -918,7 +926,7 @@ Required:: | `string` | acceptedRisks records risks which were accepted to initiate the update. For example, it may menition an Upgradeable=False or missing signature -that was overriden via desiredUpdate.force, or an update that was +that was overridden via desiredUpdate.force, or an update that was initiated despite not being in the availableUpdates set of recommended update targets. diff --git a/rest_api/config_apis/config-apis-index.adoc b/rest_api/config_apis/config-apis-index.adoc index 14a23fc9bd..89f0f5b9e0 100644 --- a/rest_api/config_apis/config-apis-index.adoc +++ b/rest_api/config_apis/config-apis-index.adoc @@ -70,10 +70,9 @@ Type:: Description:: + -- -ClusterOperator is the Custom Resource object which holds the current state -of an operator. This object is used by operators to convey their state to -the rest of the cluster. - +ClusterOperator holds the status of a core or optional OpenShift component +managed by the Cluster Version Operator (CVO). This object is used by +operators to convey their state to the rest of the cluster. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). -- diff --git a/rest_api/config_apis/imagepolicy-config-openshift-io-v1.adoc b/rest_api/config_apis/imagepolicy-config-openshift-io-v1.adoc index 398f177662..c430444a4d 100644 --- a/rest_api/config_apis/imagepolicy-config-openshift-io-v1.adoc +++ b/rest_api/config_apis/imagepolicy-config-openshift-io-v1.adoc 
@@ -80,7 +80,7 @@ images not matching the verification policy will be treated. | scopes is a required field that defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the "Docker Registry HTTP API V2". Scopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest). More general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository -namespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `\*.`, for matching all subdomains (not including a port number). +namespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number). Wildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not. This support no more than 256 scopes in one object. If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored. In addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories @@ -580,7 +580,7 @@ Description:: | Parameter | Type | Description | `body` | xref:../config_apis/imagepolicy-config-openshift-io-v1.adoc#imagepolicy-config-openshift-io-v1[`ImagePolicy`] schema -| +| |=== .HTTP responses @@ -713,7 +713,7 @@ Description:: | Parameter | Type | Description | `body` | xref:../config_apis/imagepolicy-config-openshift-io-v1.adoc#imagepolicy-config-openshift-io-v1[`ImagePolicy`] schema -| +| |=== .HTTP responses 
@@ -815,7 +815,7 @@ Description:: | Parameter | Type | Description | `body` | xref:../config_apis/imagepolicy-config-openshift-io-v1.adoc#imagepolicy-config-openshift-io-v1[`ImagePolicy`] schema -| +| |=== .HTTP responses diff --git a/rest_api/config_apis/infrastructure-config-openshift-io-v1.adoc b/rest_api/config_apis/infrastructure-config-openshift-io-v1.adoc index 6146375f61..5b93d5abbd 100644 --- a/rest_api/config_apis/infrastructure-config-openshift-io-v1.adoc +++ b/rest_api/config_apis/infrastructure-config-openshift-io-v1.adoc @@ -2074,6 +2074,15 @@ Type:: |=== | Property | Type | Description +| `cloudLoadBalancerConfig` +| `` +| cloudLoadBalancerConfig holds configuration related to DNS and cloud +load balancers. It allows configuration of in-cluster DNS as an alternative +to the platform default DNS implementation. +When using the ClusterHosted DNS type, Load Balancer IP addresses +must be provided for the API and internal API load balancers as well as the +ingress load balancer. + | `projectID` | `string` | resourceGroupName is the Project ID for new GCP resources created for the cluster. @@ -2256,7 +2265,7 @@ for the cluster's base domain | serviceEndpoints is a list of custom endpoints which will override the default service endpoints of an IBM service. These endpoints are used by components within the cluster when trying to reach the IBM Cloud Services that have been -overriden. The CCCMO reads in the IBMCloudPlatformSpec and validates each +overridden. The CCCMO reads in the IBMCloudPlatformSpec and validates each endpoint is resolvable. Once validated, the cloud config and IBMCloudPlatformStatus are updated to reflect the same custom endpoints. 
@@ -2273,7 +2282,7 @@ Description:: serviceEndpoints is a list of custom endpoints which will override the default service endpoints of an IBM service. These endpoints are used by components within the cluster when trying to reach the IBM Cloud Services that have been -overriden. The CCCMO reads in the IBMCloudPlatformSpec and validates each +overridden. The CCCMO reads in the IBMCloudPlatformSpec and validates each endpoint is resolvable. Once validated, the cloud config and IBMCloudPlatformStatus are updated to reflect the same custom endpoints. -- diff --git a/rest_api/extension_apis/mutatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc b/rest_api/extension_apis/mutatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc index 7a1c942d1c..43cd046787 100644 --- a/rest_api/extension_apis/mutatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc +++ b/rest_api/extension_apis/mutatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc 
@@ -178,10 +178,6 @@ IfNeeded: the webhook will be called at least one additional time as part of the Defaults to "Never". -Possible enum values: - - `"IfNeeded"` indicates that the mutation may be called at least one additional time as part of the admission evaluation if the object being admitted is modified by other admission plugins after the initial mutation call. - - `"Never"` indicates that the mutation must not be called more than once in a single admission evaluation. - | `rules` | `array` | Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects. diff --git a/rest_api/image_apis/imagestreamimport-image-openshift-io-v1.adoc b/rest_api/image_apis/imagestreamimport-image-openshift-io-v1.adoc index df4a34dcbd..6d0b8258ca 100644 --- a/rest_api/image_apis/imagestreamimport-image-openshift-io-v1.adoc +++ b/rest_api/image_apis/imagestreamimport-image-openshift-io-v1.adoc @@ -138,7 +138,7 @@ Required:: | TagReferencePolicy describes how pull-specs for images in this image stream tag are generated when image change triggers in deployment configs or builds are resolved. This allows the image stream author to control how images are accessed. | `to` -| `LocalObjectReference_v2` +| xref:../objects/index.adoc#io-k8s-api-core-v1-LocalObjectReference_v2[`LocalObjectReference_v2`] | To is a tag in the current image stream to assign the imported image to, if name is not specified the default tag from from.name will be used |=== 
@@ -2524,7 +2524,7 @@ Description:: | Parameter | Type | Description | `body` | xref:../image_apis/imagestreamimport-image-openshift-io-v1.adoc#imagestreamimport-image-openshift-io-v1[`ImageStreamImport`] schema -| +| |=== .HTTP responses diff --git a/rest_api/machine_apis/controlplanemachineset-machine-openshift-io-v1.adoc b/rest_api/machine_apis/controlplanemachineset-machine-openshift-io-v1.adoc index 9154cef942..df31a43a82 100644 --- a/rest_api/machine_apis/controlplanemachineset-machine-openshift-io-v1.adoc +++ b/rest_api/machine_apis/controlplanemachineset-machine-openshift-io-v1.adoc @@ -304,7 +304,7 @@ Labels are required to match the ControlPlaneMachineSet selector. The ProviderSpec within contains platform specific details for creating the Control Plane Machines. The ProviderSe should be complete apart from the platform specific -failure domain field. This will be overriden when the Machines +failure domain field. This will be overridden when the Machines are created based on the FailureDomains field. |=== @@ -816,7 +816,7 @@ spec contains the desired configuration of the Control Plane Machines. The ProviderSpec within contains platform specific details for creating the Control Plane Machines. The ProviderSe should be complete apart from the platform specific -failure domain field. This will be overriden when the Machines +failure domain field. This will be overridden when the Machines are created based on the FailureDomains field. -- @@ -1247,7 +1247,6 @@ Valid effects are NoSchedule, PreferNoSchedule and NoExecute. | `timeAdded` | `string` | TimeAdded represents the time at which the taint was added. -It is only written for NoExecute taints. | `value` | `string` diff --git a/rest_api/machine_apis/machine-machine-openshift-io-v1beta1.adoc b/rest_api/machine_apis/machine-machine-openshift-io-v1beta1.adoc index bae563c88e..398b4a02f9 100644 --- a/rest_api/machine_apis/machine-machine-openshift-io-v1beta1.adoc 
+++ b/rest_api/machine_apis/machine-machine-openshift-io-v1beta1.adoc @@ -481,7 +481,6 @@ Valid effects are NoSchedule, PreferNoSchedule and NoExecute. | `timeAdded` | `string` | TimeAdded represents the time at which the taint was added. -It is only written for NoExecute taints. | `value` | `string` diff --git a/rest_api/machine_apis/machineconfignode-machineconfiguration-openshift-io-v1.adoc b/rest_api/machine_apis/machineconfignode-machineconfiguration-openshift-io-v1.adoc index dc7e07edde..06d76e9e88 100644 --- a/rest_api/machine_apis/machineconfignode-machineconfiguration-openshift-io-v1.adoc +++ b/rest_api/machine_apis/machineconfignode-machineconfiguration-openshift-io-v1.adoc @@ -198,6 +198,8 @@ Type:: UpdatePrepared, UpdateExecuted, UpdatePostActionComplete, UpdateComplete, Updated, Resumed, Drained, AppliedFilesAndOS, Cordoned, Uncordoned, RebootedNode, NodeDegraded, PinnedImageSetsProgressing, and PinnedImageSetsDegraded. +The following types are only available when the ImageModeStatusReporting feature gate is enabled: ImagePulledFromRegistry, +AppliedOSImage, AppliedFiles | `conditions[]` | `object` @@ -229,6 +231,8 @@ conditions represent the observations of a machine config node's current state. UpdatePrepared, UpdateExecuted, UpdatePostActionComplete, UpdateComplete, Updated, Resumed, Drained, AppliedFilesAndOS, Cordoned, Uncordoned, RebootedNode, NodeDegraded, PinnedImageSetsProgressing, and PinnedImageSetsDegraded. +The following types are only available when the ImageModeStatusReporting feature gate is enabled: ImagePulledFromRegistry, +AppliedOSImage, AppliedFiles -- Type:: diff --git a/rest_api/machine_apis/machineset-machine-openshift-io-v1beta1.adoc b/rest_api/machine_apis/machineset-machine-openshift-io-v1beta1.adoc index 2c5919b786..b47611075e 100644 --- a/rest_api/machine_apis/machineset-machine-openshift-io-v1beta1.adoc +++ b/rest_api/machine_apis/machineset-machine-openshift-io-v1beta1.adoc 
@@ -803,7 +803,6 @@ Valid effects are NoSchedule, PreferNoSchedule and NoExecute. | `timeAdded` | `string` | TimeAdded represents the time at which the taint was added. -It is only written for NoExecute taints. | `value` | `string` diff --git a/rest_api/monitoring_apis/alertmanager-monitoring-coreos-com-v1.adoc b/rest_api/monitoring_apis/alertmanager-monitoring-coreos-com-v1.adoc index 8178342111..c074268983 100644 --- a/rest_api/monitoring_apis/alertmanager-monitoring-coreos-com-v1.adoc +++ b/rest_api/monitoring_apis/alertmanager-monitoring-coreos-com-v1.adoc @@ -45,12 +45,12 @@ Required:: | `spec` | `object` -| Specification of the desired behavior of the Alertmanager cluster. More info: +| spec defines the specification of the desired behavior of the Alertmanager cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | `status` | `object` -| Most recent observed status of the Alertmanager cluster. Read-only. +| status defines the most recent observed status of the Alertmanager cluster. Read-only. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status @@ -59,7 +59,7 @@ https://github.com/kubernetes/community/blob/master/contributors/devel/sig-archi Description:: + -- -Specification of the desired behavior of the Alertmanager cluster. More info: +spec defines the specification of the desired behavior of the Alertmanager cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status -- 
@@ -75,7 +75,7 @@ Type:: | `additionalArgs` | `array` -| AdditionalArgs allows setting additional arguments for the 'Alertmanager' container. +| additionalArgs allows setting additional arguments for the 'Alertmanager' container. It is intended for e.g. activating hidden flags which are not supported by the dedicated configuration options yet. The arguments are passed as-is to the Alertmanager container which may cause issues if they are invalid or not supported @@ -87,29 +87,29 @@ by the given Alertmanager version. | `additionalPeers` | `array (string)` -| AdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster. +| additionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster. | `affinity` | `object` -| If specified, the pod's scheduling constraints. +| affinity defines the pod's scheduling constraints. | `alertmanagerConfigMatcherStrategy` | `object` -| AlertmanagerConfigMatcherStrategy defines how AlertmanagerConfig objects +| alertmanagerConfigMatcherStrategy defines how AlertmanagerConfig objects process incoming alerts. | `alertmanagerConfigNamespaceSelector` | `object` -| Namespaces to be selected for AlertmanagerConfig discovery. If nil, only +| alertmanagerConfigNamespaceSelector defines the namespaces to be selected for AlertmanagerConfig discovery. If nil, only check own namespace. | `alertmanagerConfigSelector` | `object` -| AlertmanagerConfigs to be selected for to merge and configure Alertmanager with. +| alertmanagerConfigSelector defines the selector to be used for to merge and configure Alertmanager with. | `alertmanagerConfiguration` | `object` -| alertmanagerConfiguration specifies the configuration of Alertmanager. +| alertmanagerConfiguration defines the configuration of Alertmanager. If defined, it takes precedence over the `configSecret` field. 
@@ -118,53 +118,53 @@ in a breaking way. | `automountServiceAccountToken` | `boolean` -| AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod. +| automountServiceAccountToken defines whether a service account token should be automatically mounted in the pod. If the service account has `automountServiceAccountToken: true`, set the field to `false` to opt out of automounting API credentials. | `baseImage` | `string` -| Base image that is used to deploy pods, without tag. +| baseImage that is used to deploy pods, without tag. Deprecated: use 'image' instead. | `clusterAdvertiseAddress` | `string` -| ClusterAdvertiseAddress is the explicit address to advertise in cluster. +| clusterAdvertiseAddress defines the explicit address to advertise in cluster. Needs to be provided for non RFC1918 [1] (public) addresses. [1] RFC1918: https://tools.ietf.org/html/rfc1918 | `clusterGossipInterval` | `string` -| Interval between gossip attempts. +| clusterGossipInterval defines the interval between gossip attempts. | `clusterLabel` | `string` -| Defines the identifier that uniquely identifies the Alertmanager cluster. +| clusterLabel defines the identifier that uniquely identifies the Alertmanager cluster. You should only set it when the Alertmanager cluster includes Alertmanager instances which are external to this Alertmanager resource. In practice, the addresses of the external instances are provided via the `.spec.additionalPeers` field. | `clusterPeerTimeout` | `string` -| Timeout for cluster peering. +| clusterPeerTimeout defines the timeout for cluster peering. | `clusterPushpullInterval` | `string` -| Interval between pushpull attempts. +| clusterPushpullInterval defines the interval between pushpull attempts. | `clusterTLS` | `object` -| Configures the mutual TLS configuration for the Alertmanager cluster's gossip protocol. 
+| clusterTLS defines the mutual TLS configuration for the Alertmanager cluster's gossip protocol. It requires Alertmanager >= 0.24.0. | `configMaps` | `array (string)` -| ConfigMaps is a list of ConfigMaps in the same namespace as the Alertmanager +| configMaps defines a list of ConfigMaps in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods. Each ConfigMap is added to the StatefulSet definition as a volume named `configmap-`. The ConfigMaps are mounted into `/etc/alertmanager/configmaps/` in the 'alertmanager' container. | `configSecret` | `string` -| ConfigSecret is the name of a Kubernetes Secret in the same namespace as the +| configSecret defines the name of a Kubernetes Secret in the same namespace as the Alertmanager object, which contains the configuration for this Alertmanager instance. If empty, it defaults to `alertmanager-`. @@ -179,7 +179,7 @@ receiver (effectively dropping alert notifications). | `containers` | `array` -| Containers allows injecting additional containers. This is meant to +| containers allows injecting additional containers. This is meant to allow adding an authentication proxy to an Alertmanager pod. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge 
@@ -194,15 +194,15 @@ this behaviour may break at any time without notice. | `dnsConfig` | `object` -| Defines the DNS configuration for the pods. +| dnsConfig defines the DNS configuration for the pods. | `dnsPolicy` | `string` -| Defines the DNS policy for the pods. +| dnsPolicy defines the DNS policy for the pods. | `enableFeatures` | `array (string)` -| Enable access to Alertmanager feature flags. By default, no features are enabled. +| enableFeatures defines the Alertmanager's feature flags. By default, no features are enabled. Enabling features which are disabled by default is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. @@ -211,22 +211,22 @@ It requires Alertmanager >= 0.27.0. | `enableServiceLinks` | `boolean` -| Indicates whether information about services should be injected into pod's environment variables +| enableServiceLinks defines whether information about services should be injected into pod's environment variables | `externalUrl` | `string` -| The external URL the Alertmanager instances will be available under. This is +| externalUrl defines the URL used to access the Alertmanager web service. This is necessary to generate correct URLs. This is necessary if Alertmanager is not served from root of a DNS name. | `forceEnableClusterMode` | `boolean` -| ForceEnableClusterMode ensures Alertmanager does not deactivate the cluster mode when running with a single replica. +| forceEnableClusterMode ensures Alertmanager does not deactivate the cluster mode when running with a single replica. Use case is e.g. spanning an Alertmanager cluster across Kubernetes clusters with a single replica in each. | `hostAliases` | `array` -| Pods' hostAliases configuration +| hostAliases Pods configuration | `hostAliases[]` | `object` 
@@ -235,7 +235,7 @@ pod's hosts file. | `hostUsers` | `boolean` -| HostUsers supports the user space in Kubernetes. +| hostUsers supports the user space in Kubernetes. More info: https://kubernetes.io/docs/tasks/configure-pod-container/user-namespaces/ @@ -244,19 +244,19 @@ Starting Kubernetes 1.33, the feature is enabled by default. | `image` | `string` -| Image if specified has precedence over baseImage, tag and sha +| image if specified has precedence over baseImage, tag and sha combinations. Specifying the version is still necessary to ensure the Prometheus Operator knows what version of Alertmanager is being configured. | `imagePullPolicy` | `string` -| Image pull policy for the 'alertmanager', 'init-config-reloader' and 'config-reloader' containers. +| imagePullPolicy for the 'alertmanager', 'init-config-reloader' and 'config-reloader' containers. See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details. | `imagePullSecrets` | `array` -| An optional list of references to secrets in the same namespace +| imagePullSecrets An optional list of references to secrets in the same namespace to use for pulling prometheus and alertmanager images from registries see https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ @@ -267,7 +267,7 @@ referenced object inside the same namespace. | `initContainers` | `array` -| InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. +| initContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the Alertmanager configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ InitContainers described here modify an operator 
@@ -283,48 +283,48 @@ this behaviour may break at any time without notice. | `limits` | `object` -| Defines the limits command line flags when starting Alertmanager. +| limits defines the limits command line flags when starting Alertmanager. | `listenLocal` | `boolean` -| ListenLocal makes the Alertmanager server listen on loopback, so that it +| listenLocal defines the Alertmanager server listen on loopback, so that it does not bind against the Pod IP. Note this is only for the Alertmanager UI, not the gossip communication. | `logFormat` | `string` -| Log format for Alertmanager to be configured with. +| logFormat for Alertmanager to be configured with. | `logLevel` | `string` -| Log level for Alertmanager to be configured with. +| logLevel for Alertmanager to be configured with. | `minReadySeconds` | `integer` -| Minimum number of seconds for which a newly created pod should be ready +| minReadySeconds defines the minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to be considered available. If unset, pods will be considered available as soon as they are ready. | `nodeSelector` | `object (string)` -| Define which Nodes the Pods are scheduled on. +| nodeSelector defines which Nodes the Pods are scheduled on. | `paused` | `boolean` -| If set to true all actions on the underlying managed objects are not +| paused if set to true all actions on the underlying managed objects are not going to be performed, except for delete actions. | `persistentVolumeClaimRetentionPolicy` | `object` -| The field controls if and how PVCs are deleted during the lifecycle of a StatefulSet. +| persistentVolumeClaimRetentionPolicy controls if and how PVCs are deleted during the lifecycle of a StatefulSet. The default behavior is all PVCs are retained. This is an alpha field from kubernetes 1.23 until 1.26 and a beta field from 1.26. It requires enabling the StatefulSetAutoDeletePVC feature gate. 
| `podMetadata` | `object` -| PodMetadata configures labels and annotations which are propagated to the Alertmanager pods. +| podMetadata defines labels and annotations which are propagated to the Alertmanager pods. The following items are reserved and cannot be overridden: * "alertmanager" label, set to the name of the Alertmanager instance. 
@@ -336,81 +336,81 @@ The following items are reserved and cannot be overridden: | `portName` | `string` -| Port name used for the pods and governing service. +| portName defines the port's name for the pods and governing service. Defaults to `web`. | `priorityClassName` | `string` -| Priority class assigned to the Pods +| priorityClassName assigned to the Pods | `replicas` | `integer` -| Size is the expected size of the alertmanager cluster. The controller will +| replicas defines the expected size of the alertmanager cluster. The controller will eventually make the size of the running cluster equal to the expected size. | `resources` | `object` -| Define resources requests and limits for single Pods. +| resources defines the resource requests and limits of the Pods. | `retention` | `string` -| Time duration Alertmanager shall retain data for. Default is '120h', +| retention defines the time duration Alertmanager shall retain data for. Default is '120h', and must match the regular expression `[0-9]+(ms\|s\|m\|h)` (milliseconds seconds minutes hours). | `routePrefix` | `string` -| The route prefix Alertmanager registers HTTP handlers for. This is useful, +| routePrefix Alertmanager registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example for use with `kubectl proxy`. | `secrets` | `array (string)` -| Secrets is a list of Secrets in the same namespace as the Alertmanager +| secrets is a list of Secrets in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods. Each Secret is added to the StatefulSet definition as a volume named `secret-`. The Secrets are mounted into `/etc/alertmanager/secrets/` in the 'alertmanager' container. | `securityContext` | `object` -| SecurityContext holds pod-level security attributes and common container settings. 
+| securityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. | `serviceAccountName` | `string` -| ServiceAccountName is the name of the ServiceAccount to use to run the +| serviceAccountName is the name of the ServiceAccount to use to run the Prometheus Pods. | `serviceName` | `string` -| The name of the service name used by the underlying StatefulSet(s) as the governing service. +| serviceName defines the service name used by the underlying StatefulSet(s) as the governing service. If defined, the Service must be created before the Alertmanager resource in the same namespace and it must define a selector that matches the pod labels. -If empty, the operator will create and manage a headless service named `alertmanager-operated` for Alermanager resources. +If empty, the operator will create and manage a headless service named `alertmanager-operated` for Alertmanager resources. When deploying multiple Alertmanager resources in the same namespace, it is recommended to specify a different value for each. See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. | `sha` | `string` -| SHA of Alertmanager container image to be deployed. Defaults to the value of `version`. +| sha of Alertmanager container image to be deployed. Defaults to the value of `version`. Similar to a tag, but the SHA explicitly deploys an immutable container image. Version and Tag are ignored if SHA is set. Deprecated: use 'image' instead. The image digest can be specified as part of the image URL. | `storage` | `object` -| Storage is the definition of how storage will be used by the Alertmanager +| storage defines the definition of how storage will be used by the Alertmanager instances. | `tag` | `string` -| Tag of Alertmanager container image to be deployed. Defaults to the value of `version`. +| tag of Alertmanager container image to be deployed. 
Defaults to the value of `version`. Version is ignored if Tag is set. Deprecated: use 'image' instead. The image tag can be specified as part of the image URL. | `terminationGracePeriodSeconds` | `integer` -| Optional duration in seconds the pod needs to terminate gracefully. +| terminationGracePeriodSeconds defines the Optional duration in seconds the pod needs to terminate gracefully. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down) which may lead to data corruption. @@ -418,7 +418,7 @@ Defaults to 120 seconds. | `tolerations` | `array` -| If specified, the pod's tolerations. +| tolerations defines the pod's tolerations. | `tolerations[]` | `object` @@ -427,7 +427,7 @@ the triple using the matching operator . | `topologySpreadConstraints` | `array` -| If specified, the pod's topology spread constraints. +| topologySpreadConstraints defines the Pod's topology spread constraints. | `topologySpreadConstraints[]` | `object` @@ -435,11 +435,11 @@ the triple using the matching operator . | `version` | `string` -| Version the cluster should be on. +| version the cluster should be on. | `volumeMounts` | `array` -| VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. +| volumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the alertmanager container, that are generated as a result of StorageSpec objects. @@ -449,7 +449,7 @@ that are generated as a result of StorageSpec objects. | `volumes` | `array` -| Volumes allows configuration of additional volumes on the output StatefulSet definition. +| volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. 
@@ -459,14 +459,14 @@ StorageSpec objects. | `web` | `object` -| Defines the web command line flags when starting Alertmanager. +| web defines the web command line flags when starting Alertmanager. |=== === .spec.additionalArgs Description:: + -- -AdditionalArgs allows setting additional arguments for the 'Alertmanager' container. +additionalArgs allows setting additional arguments for the 'Alertmanager' container. It is intended for e.g. activating hidden flags which are not supported by the dedicated configuration options yet. The arguments are passed as-is to the Alertmanager container which may cause issues if they are invalid or not supported @@ -500,18 +500,18 @@ Required:: | `name` | `string` -| Name of the argument, e.g. "scrape.discovery-reload-interval". +| name of the argument, e.g. "scrape.discovery-reload-interval". | `value` | `string` -| Argument value, e.g. 30s. Can be empty for name-only arguments (e.g. --storage.tsdb.no-lockfile) +| value defines the argument value, e.g. 30s. Can be empty for name-only arguments (e.g. --storage.tsdb.no-lockfile) |=== === .spec.affinity Description:: + -- -If specified, the pod's scheduling constraints. +affinity defines the pod's scheduling constraints. -- Type:: @@ -1599,8 +1599,8 @@ a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), -compute a sum by iterating through the elements of this field and adding -"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the +compute a sum by iterating through the elements of this field and subtracting +"weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. | `preferredDuringSchedulingIgnoredDuringExecution[]` 
@@ -1637,8 +1637,8 @@ a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), -compute a sum by iterating through the elements of this field and adding -"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the +compute a sum by iterating through the elements of this field and subtracting +"weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. -- @@ -2192,7 +2192,7 @@ merge patch. Description:: + -- -AlertmanagerConfigMatcherStrategy defines how AlertmanagerConfig objects +alertmanagerConfigMatcherStrategy defines how AlertmanagerConfig objects process incoming alerts. -- @@ -2208,7 +2208,7 @@ Type:: | `type` | `string` -| AlertmanagerConfigMatcherStrategyType defines the strategy used by +| type defines the strategy used by AlertmanagerConfig objects to match alerts in the routes and inhibition rules. @@ -2219,7 +2219,7 @@ The default value is `OnNamespace`. Description:: + -- -Namespaces to be selected for AlertmanagerConfig discovery. If nil, only +alertmanagerConfigNamespaceSelector defines the namespaces to be selected for AlertmanagerConfig discovery. If nil, only check own namespace. -- @@ -2304,7 +2304,7 @@ merge patch. Description:: + -- -AlertmanagerConfigs to be selected for to merge and configure Alertmanager with. +alertmanagerConfigSelector defines the selector to be used for to merge and configure Alertmanager with. -- Type:: @@ -2388,7 +2388,7 @@ merge patch. Description:: + -- -alertmanagerConfiguration specifies the configuration of Alertmanager. +alertmanagerConfiguration defines the configuration of Alertmanager. If defined, it takes precedence over the `configSecret` field. 
@@ -2408,17 +2408,17 @@ Type:: | `global` | `object` -| Defines the global parameters of the Alertmanager configuration. +| global defines the global parameters of the Alertmanager configuration. | `name` | `string` -| The name of the AlertmanagerConfig resource which is used to generate the Alertmanager configuration. +| name defines the name of the AlertmanagerConfig custom resource which is used to generate the Alertmanager configuration. It must be defined in the same namespace as the Alertmanager object. The operator will not enforce a `namespace` label for routes and inhibition rules. | `templates` | `array` -| Custom notification templates. +| templates defines the custom notification templates. | `templates[]` | `object` @@ -2429,7 +2429,7 @@ The operator will not enforce a `namespace` label for routes and inhibition rule Description:: + -- -Defines the global parameters of the Alertmanager configuration. +global defines the global parameters of the Alertmanager configuration. -- Type:: 
@@ -2444,64 +2444,64 @@ Type:: | `httpConfig` | `object` -| HTTP client configuration. +| httpConfig defines the default HTTP configuration. | `jira` | `object` -| The default configuration for Jira. +| jira defines the default configuration for Jira. | `opsGenieApiKey` | `object` -| The default OpsGenie API Key. +| opsGenieApiKey defines the default OpsGenie API Key. | `opsGenieApiUrl` | `object` -| The default OpsGenie API URL. +| opsGenieApiUrl defines the default OpsGenie API URL. | `pagerdutyUrl` | `string` -| The default Pagerduty URL. +| pagerdutyUrl defines the default Pagerduty URL. | `resolveTimeout` | `string` -| ResolveTimeout is the default value used by alertmanager if the alert does +| resolveTimeout defines the default value used by alertmanager if the alert does not include EndsAt, after this time passes it can declare the alert as resolved if it has not been updated. This has no impact on alerts from Prometheus, as they always include EndsAt. | `rocketChat` | `object` -| The default configuration for Rocket Chat. +| rocketChat defines the default configuration for Rocket Chat. | `slackApiUrl` | `object` -| The default Slack API URL. +| slackApiUrl defines the default Slack API URL. | `smtp` | `object` -| Configures global SMTP parameters. +| smtp defines global SMTP parameters. | `telegram` | `object` -| The default Telegram config +| telegram defines the default Telegram config | `victorops` | `object` -| The default configuration for VictorOps. +| victorops defines the default configuration for VictorOps. | `webex` | `object` -| The default configuration for Jira. +| webex defines the default configuration for Jira. | `wechat` | `object` -| The default WeChat Config +| wechat defines the default WeChat Config |=== === .spec.alertmanagerConfiguration.global.httpConfig Description:: + -- -HTTP client configuration. +httpConfig defines the default HTTP configuration. -- Type:: 
@@ -2516,28 +2516,41 @@ Type:: | `authorization` | `object` -| Authorization header configuration for the client. -This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. +| authorization configures the Authorization header credentials used by +the client. + +Cannot be set at the same time as `basicAuth`, `bearerTokenSecret` or `oauth2`. | `basicAuth` | `object` -| BasicAuth for the client. -This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. +| basicAuth defines the Basic Authentication credentials used by the +client. + +Cannot be set at the same time as `authorization`, `bearerTokenSecret` or `oauth2`. | `bearerTokenSecret` | `object` -| The secret's key that contains the bearer token to be used by the client -for authentication. -The secret needs to be in the same namespace as the Alertmanager -object and accessible by the Prometheus Operator. +| bearerTokenSecret defines a key of a Secret containing the bearer token +used by the client for authentication. The secret needs to be in the +same namespace as the custom resource and readable by the Prometheus +Operator. + +Cannot be set at the same time as `authorization`, `basicAuth` or `oauth2`. + +Deprecated: use `authorization` instead. + +| `enableHttp2` +| `boolean` +| enableHttp2 can be used to disable HTTP2. | `followRedirects` | `boolean` -| FollowRedirects specifies whether the client should follow HTTP 3xx redirects. +| followRedirects defines whether the client should follow HTTP 3xx +redirects. | `noProxy` | `string` -| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names +| noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. 
@@ -2545,11 +2558,15 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `oauth2` | `object` -| OAuth2 client credentials used to fetch a token for the targets. +| oauth2 defines the OAuth2 settings used by the client. + +It requires Prometheus >= 2.27.0. + +Cannot be set at the same time as `authorization`, `basicAuth` or `bearerTokenSecret`. | `proxyConnectHeader` | `object` -| ProxyConnectHeader optionally specifies headers to send to +| proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -2564,25 +2581,27 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyFromEnvironment` | `boolean` -| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). +| proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyUrl` | `string` -| `proxyURL` defines the HTTP proxy server to use. +| proxyUrl defines the HTTP proxy server to use. | `tlsConfig` | `object` -| TLS configuration for the client. +| tlsConfig defines the TLS configuration used by the client. |=== === .spec.alertmanagerConfiguration.global.httpConfig.authorization Description:: + -- -Authorization header configuration for the client. -This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. +authorization configures the Authorization header credentials used by +the client. + +Cannot be set at the same time as `basicAuth`, `bearerTokenSecret` or `oauth2`. -- Type:: 
@@ -2597,11 +2616,11 @@ Type:: | `credentials` | `object` -| Selects a key of a Secret in the namespace that contains the credentials for authentication. +| credentials defines a key of a Secret in the namespace that contains the credentials for authentication. | `type` | `string` -| Defines the authentication type. The value is case-insensitive. +| type defines the authentication type. The value is case-insensitive. "Basic" is not a supported value. @@ -2612,7 +2631,7 @@ Default: "Bearer" Description:: + -- -Selects a key of a Secret in the namespace that contains the credentials for authentication. +credentials defines a key of a Secret in the namespace that contains the credentials for authentication. -- Type:: @@ -2648,8 +2667,10 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -BasicAuth for the client. -This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. +basicAuth defines the Basic Authentication credentials used by the +client. + +Cannot be set at the same time as `authorization`, `bearerTokenSecret` or `oauth2`. -- Type:: @@ -2664,12 +2685,12 @@ Type:: | `password` | `object` -| `password` specifies a key of a Secret containing the password for +| password defines a key of a Secret containing the password for authentication. | `username` | `object` -| `username` specifies a key of a Secret containing the username for +| username defines a key of a Secret containing the username for authentication. |=== @@ -2677,7 +2698,7 @@ authentication. Description:: + -- -`password` specifies a key of a Secret containing the password for +password defines a key of a Secret containing the password for authentication. -- 
@@ -2714,7 +2735,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`username` specifies a key of a Secret containing the username for +username defines a key of a Secret containing the username for authentication. -- @@ -2751,10 +2772,14 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -The secret's key that contains the bearer token to be used by the client -for authentication. -The secret needs to be in the same namespace as the Alertmanager -object and accessible by the Prometheus Operator. +bearerTokenSecret defines a key of a Secret containing the bearer token +used by the client for authentication. The secret needs to be in the +same namespace as the custom resource and readable by the Prometheus +Operator. + +Cannot be set at the same time as `authorization`, `basicAuth` or `oauth2`. + +Deprecated: use `authorization` instead. -- Type:: @@ -2790,7 +2815,11 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -OAuth2 client credentials used to fetch a token for the targets. +oauth2 defines the OAuth2 settings used by the client. + +It requires Prometheus >= 2.27.0. + +Cannot be set at the same time as `authorization`, `basicAuth` or `bearerTokenSecret`. -- Type:: 
@@ -2809,22 +2838,22 @@ Required:: | `clientId` | `object` -| `clientId` specifies a key of a Secret or ConfigMap containing the +| clientId defines a key of a Secret or ConfigMap containing the OAuth2 client's ID. | `clientSecret` | `object` -| `clientSecret` specifies a key of a Secret containing the OAuth2 +| clientSecret defines a key of a Secret containing the OAuth2 client's secret. | `endpointParams` | `object (string)` -| `endpointParams` configures the HTTP parameters to append to the token +| endpointParams configures the HTTP parameters to append to the token URL. | `noProxy` | `string` -| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names +| noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. @@ -2832,7 +2861,7 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyConnectHeader` | `object` -| ProxyConnectHeader optionally specifies headers to send to +| proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. 
@@ -2847,33 +2876,33 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyFromEnvironment` | `boolean` -| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). +| proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyUrl` | `string` -| `proxyURL` defines the HTTP proxy server to use. +| proxyUrl defines the HTTP proxy server to use. | `scopes` | `array (string)` -| `scopes` defines the OAuth2 scopes used for the token request. +| scopes defines the OAuth2 scopes used for the token request. | `tlsConfig` | `object` -| TLS configuration to use when connecting to the OAuth2 server. +| tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. It requires Prometheus >= v2.43.0. | `tokenUrl` | `string` -| `tokenURL` configures the URL to fetch the token from. +| tokenUrl defines the URL to fetch the token from. |=== === .spec.alertmanagerConfiguration.global.httpConfig.oauth2.clientId Description:: + -- -`clientId` specifies a key of a Secret or ConfigMap containing the +clientId defines a key of a Secret or ConfigMap containing the OAuth2 client's ID. -- @@ -2889,18 +2918,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.alertmanagerConfiguration.global.httpConfig.oauth2.clientId.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: 
@@ -2936,7 +2965,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -2972,7 +3001,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`clientSecret` specifies a key of a Secret containing the OAuth2 +clientSecret defines a key of a Secret containing the OAuth2 client's secret. -- @@ -3009,7 +3038,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -ProxyConnectHeader optionally specifies headers to send to +proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -3074,7 +3103,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -TLS configuration to use when connecting to the OAuth2 server. +tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. It requires Prometheus >= v2.43.0. -- 
@@ -3090,42 +3119,42 @@ Type:: | `ca` | `object` -| Certificate authority used when verifying server certificates. +| ca defines the Certificate authority used when verifying server certificates. | `cert` | `object` -| Client certificate to present when doing client-authentication. +| cert defines the Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` -| Disable target certificate validation. +| insecureSkipVerify defines how to disable target certificate validation. | `keySecret` | `object` -| Secret containing the client key file for the targets. +| keySecret defines the Secret containing the client key file for the targets. | `maxVersion` | `string` -| Maximum acceptable TLS version. +| maxVersion defines the maximum acceptable TLS version. It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. | `minVersion` | `string` -| Minimum acceptable TLS version. +| minVersion defines the minimum acceptable TLS version. It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. | `serverName` | `string` -| Used to verify the hostname for the targets. +| serverName is used to verify the hostname for the targets. |=== === .spec.alertmanagerConfiguration.global.httpConfig.oauth2.tlsConfig.ca Description:: + -- -Certificate authority used when verifying server certificates. +ca defines the Certificate authority used when verifying server certificates. -- Type:: @@ -3140,18 +3169,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.alertmanagerConfiguration.global.httpConfig.oauth2.tlsConfig.ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: 
@@ -3187,7 +3216,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -3223,7 +3252,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Client certificate to present when doing client-authentication. +cert defines the Client certificate to present when doing client-authentication. -- Type:: @@ -3238,18 +3267,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.alertmanagerConfiguration.global.httpConfig.oauth2.tlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -3285,7 +3314,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -3321,7 +3350,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the client key file for the targets. +keySecret defines the Secret containing the client key file for the targets. -- Type:: @@ -3357,7 +3386,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -ProxyConnectHeader optionally specifies headers to send to +proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. 
@@ -3422,7 +3451,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -TLS configuration for the client. +tlsConfig defines the TLS configuration used by the client. -- Type:: @@ -3437,42 +3466,42 @@ Type:: | `ca` | `object` -| Certificate authority used when verifying server certificates. +| ca defines the Certificate authority used when verifying server certificates. | `cert` | `object` -| Client certificate to present when doing client-authentication. +| cert defines the Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` -| Disable target certificate validation. +| insecureSkipVerify defines how to disable target certificate validation. | `keySecret` | `object` -| Secret containing the client key file for the targets. +| keySecret defines the Secret containing the client key file for the targets. | `maxVersion` | `string` -| Maximum acceptable TLS version. +| maxVersion defines the maximum acceptable TLS version. It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. | `minVersion` | `string` -| Minimum acceptable TLS version. +| minVersion defines the minimum acceptable TLS version. It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. | `serverName` | `string` -| Used to verify the hostname for the targets. +| serverName is used to verify the hostname for the targets. |=== === .spec.alertmanagerConfiguration.global.httpConfig.tlsConfig.ca Description:: + -- -Certificate authority used when verifying server certificates. +ca defines the Certificate authority used when verifying server certificates. -- Type:: 
@@ -3487,18 +3516,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.alertmanagerConfiguration.global.httpConfig.tlsConfig.ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -3534,7 +3563,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -3570,7 +3599,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Client certificate to present when doing client-authentication. +cert defines the Client certificate to present when doing client-authentication. -- Type:: @@ -3585,18 +3614,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.alertmanagerConfiguration.global.httpConfig.tlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -3632,7 +3661,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: 
@@ -3668,7 +3697,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the client key file for the targets. +keySecret defines the Secret containing the client key file for the targets. -- Type:: @@ -3704,7 +3733,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -The default configuration for Jira. +jira defines the default configuration for Jira. -- Type:: @@ -3719,7 +3748,7 @@ Type:: | `apiURL` | `string` -| The default Jira API URL. +| apiURL defines the default Jira API URL. It requires Alertmanager >= v0.28.0. @@ -3728,7 +3757,7 @@ It requires Alertmanager >= v0.28.0. Description:: + -- -The default OpsGenie API Key. +opsGenieApiKey defines the default OpsGenie API Key. -- Type:: @@ -3764,7 +3793,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -The default OpsGenie API URL. +opsGenieApiUrl defines the default OpsGenie API URL. -- Type:: @@ -3800,7 +3829,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -The default configuration for Rocket Chat. +rocketChat defines the default configuration for Rocket Chat. -- Type:: @@ -3815,19 +3844,19 @@ Type:: | `apiURL` | `string` -| The default Rocket Chat API URL. +| apiURL defines the default Rocket Chat API URL. It requires Alertmanager >= v0.28.0. | `token` | `object` -| The default Rocket Chat token. +| token defines the default Rocket Chat token. It requires Alertmanager >= v0.28.0. | `tokenID` | `object` -| The default Rocket Chat Token ID. +| tokenID defines the default Rocket Chat Token ID. It requires Alertmanager >= v0.28.0. @@ -3836,7 +3865,7 @@ It requires Alertmanager >= v0.28.0. Description:: + -- -The default Rocket Chat token. +token defines the default Rocket Chat token. It requires Alertmanager >= v0.28.0. -- 
@@ -3874,7 +3903,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -The default Rocket Chat Token ID. +tokenID defines the default Rocket Chat Token ID. It requires Alertmanager >= v0.28.0. -- @@ -3912,7 +3941,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -The default Slack API URL. +slackApiUrl defines the default Slack API URL. -- Type:: @@ -3948,7 +3977,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Configures global SMTP parameters. +smtp defines global SMTP parameters. -- Type:: 
@@ -3963,47 +3992,47 @@ Type:: | `authIdentity` | `string` -| SMTP Auth using PLAIN +| authIdentity represents SMTP Auth using PLAIN | `authPassword` | `object` -| SMTP Auth using LOGIN and PLAIN. +| authPassword represents SMTP Auth using LOGIN and PLAIN. | `authSecret` | `object` -| SMTP Auth using CRAM-MD5. +| authSecret represents SMTP Auth using CRAM-MD5. | `authUsername` | `string` -| SMTP Auth using CRAM-MD5, LOGIN and PLAIN. If empty, Alertmanager doesn't authenticate to the SMTP server. +| authUsername represents SMTP Auth using CRAM-MD5, LOGIN and PLAIN. If empty, Alertmanager doesn't authenticate to the SMTP server. | `from` | `string` -| The default SMTP From header field. +| from defines the default SMTP From header field. | `hello` | `string` -| The default hostname to identify to the SMTP server. +| hello defines the default hostname to identify to the SMTP server. | `requireTLS` | `boolean` -| The default SMTP TLS requirement. +| requireTLS defines the default SMTP TLS requirement. Note that Go does not support unencrypted connections to remote SMTP endpoints. | `smartHost` | `object` -| The default SMTP smarthost used for sending emails. +| smartHost defines the default SMTP smarthost used for sending emails. | `tlsConfig` | `object` -| The default TLS configuration for SMTP receivers +| tlsConfig defines the default TLS configuration for SMTP receivers |=== === .spec.alertmanagerConfiguration.global.smtp.authPassword Description:: + -- -SMTP Auth using LOGIN and PLAIN. +authPassword represents SMTP Auth using LOGIN and PLAIN. -- Type:: @@ -4039,7 +4068,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -SMTP Auth using CRAM-MD5. +authSecret represents SMTP Auth using CRAM-MD5. -- Type:: 
@@ -4075,7 +4104,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -The default SMTP smarthost used for sending emails. +smartHost defines the default SMTP smarthost used for sending emails. -- Type:: @@ -4093,18 +4122,18 @@ Required:: | `host` | `string` -| Defines the host's address, it can be a DNS name or a literal IP address. +| host defines the host's address, it can be a DNS name or a literal IP address. | `port` | `string` -| Defines the host's port, it can be a literal port number or a port name. +| port defines the host's port, it can be a literal port number or a port name. |=== === .spec.alertmanagerConfiguration.global.smtp.tlsConfig Description:: + -- -The default TLS configuration for SMTP receivers +tlsConfig defines the default TLS configuration for SMTP receivers -- Type:: 
@@ -4119,42 +4148,42 @@ Type:: | `ca` | `object` -| Certificate authority used when verifying server certificates. +| ca defines the Certificate authority used when verifying server certificates. | `cert` | `object` -| Client certificate to present when doing client-authentication. +| cert defines the Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` -| Disable target certificate validation. +| insecureSkipVerify defines how to disable target certificate validation. | `keySecret` | `object` -| Secret containing the client key file for the targets. +| keySecret defines the Secret containing the client key file for the targets. | `maxVersion` | `string` -| Maximum acceptable TLS version. +| maxVersion defines the maximum acceptable TLS version. It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. | `minVersion` | `string` -| Minimum acceptable TLS version. +| minVersion defines the minimum acceptable TLS version. It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. | `serverName` | `string` -| Used to verify the hostname for the targets. +| serverName is used to verify the hostname for the targets. |=== === .spec.alertmanagerConfiguration.global.smtp.tlsConfig.ca Description:: + -- -Certificate authority used when verifying server certificates. +ca defines the Certificate authority used when verifying server certificates. -- Type:: @@ -4169,18 +4198,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.alertmanagerConfiguration.global.smtp.tlsConfig.ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: 
@@ -4216,7 +4245,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -4252,7 +4281,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Client certificate to present when doing client-authentication. +cert defines the Client certificate to present when doing client-authentication. -- Type:: @@ -4267,18 +4296,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.alertmanagerConfiguration.global.smtp.tlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -4314,7 +4343,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -4350,7 +4379,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the client key file for the targets. +keySecret defines the Secret containing the client key file for the targets. -- Type:: @@ -4386,7 +4415,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -The default Telegram config +telegram defines the default Telegram config -- Type:: @@ -4401,7 +4430,7 @@ Type:: | `apiURL` | `string` -| The default Telegram API URL. +| apiURL defines he default Telegram API URL. It requires Alertmanager >= v0.24.0. 
@@ -4410,7 +4439,7 @@ It requires Alertmanager >= v0.24.0. Description:: + -- -The default configuration for VictorOps. +victorops defines the default configuration for VictorOps. -- Type:: @@ -4425,18 +4454,18 @@ Type:: | `apiKey` | `object` -| The default VictorOps API Key. +| apiKey defines the default VictorOps API Key. | `apiURL` | `string` -| The default VictorOps API URL. +| apiURL defines the default VictorOps API URL. |=== === .spec.alertmanagerConfiguration.global.victorops.apiKey Description:: + -- -The default VictorOps API Key. +apiKey defines the default VictorOps API Key. -- Type:: @@ -4472,7 +4501,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -The default configuration for Jira. +webex defines the default configuration for Jira. -- Type:: @@ -4487,7 +4516,7 @@ Type:: | `apiURL` | `string` -| The default Webex API URL. +| apiURL defines the is the default Webex API URL. It requires Alertmanager >= v0.25.0. @@ -4496,7 +4525,7 @@ It requires Alertmanager >= v0.25.0. Description:: + -- -The default WeChat Config +wechat defines the default WeChat Config -- Type:: @@ -4511,15 +4540,15 @@ Type:: | `apiCorpID` | `string` -| The default WeChat API Corporate ID. +| apiCorpID defines the default WeChat API Corporate ID. | `apiSecret` | `object` -| The default WeChat API Secret. +| apiSecret defines the default WeChat API Secret. | `apiURL` | `string` -| The default WeChat API URL. +| apiURL defines he default WeChat API URL. The default value is "https://qyapi.weixin.qq.com/cgi-bin/" |=== @@ -4527,7 +4556,7 @@ The default value is "https://qyapi.weixin.qq.com/cgi-bin/" Description:: + -- -The default WeChat API Secret. +apiSecret defines the default WeChat API Secret. -- Type:: @@ -4563,7 +4592,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Custom notification templates. +templates defines the custom notification templates. -- Type:: 
@@ -4591,18 +4620,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.alertmanagerConfiguration.templates[].configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -4638,7 +4667,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -4674,7 +4703,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Configures the mutual TLS configuration for the Alertmanager cluster's gossip protocol. +clusterTLS defines the mutual TLS configuration for the Alertmanager cluster's gossip protocol. It requires Alertmanager >= 0.24.0. -- @@ -4694,18 +4723,18 @@ Required:: | `client` | `object` -| Client-side configuration for mutual TLS. +| client defines the client-side configuration for mutual TLS. | `server` | `object` -| Server-side configuration for mutual TLS. +| server defines the server-side configuration for mutual TLS. |=== === .spec.clusterTLS.client Description:: + -- -Client-side configuration for mutual TLS. +client defines the client-side configuration for mutual TLS. -- Type:: 
@@ -4720,42 +4749,42 @@ Type:: | `ca` | `object` -| Certificate authority used when verifying server certificates. +| ca defines the Certificate authority used when verifying server certificates. | `cert` | `object` -| Client certificate to present when doing client-authentication. +| cert defines the Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` -| Disable target certificate validation. +| insecureSkipVerify defines how to disable target certificate validation. | `keySecret` | `object` -| Secret containing the client key file for the targets. +| keySecret defines the Secret containing the client key file for the targets. | `maxVersion` | `string` -| Maximum acceptable TLS version. +| maxVersion defines the maximum acceptable TLS version. It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. | `minVersion` | `string` -| Minimum acceptable TLS version. +| minVersion defines the minimum acceptable TLS version. It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. | `serverName` | `string` -| Used to verify the hostname for the targets. +| serverName is used to verify the hostname for the targets. |=== === .spec.clusterTLS.client.ca Description:: + -- -Certificate authority used when verifying server certificates. +ca defines the Certificate authority used when verifying server certificates. -- Type:: @@ -4770,18 +4799,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.clusterTLS.client.ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: 
@@ -4817,7 +4846,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -4853,7 +4882,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Client certificate to present when doing client-authentication. +cert defines the Client certificate to present when doing client-authentication. -- Type:: @@ -4868,18 +4897,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.clusterTLS.client.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -4915,7 +4944,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -4951,7 +4980,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the client key file for the targets. +keySecret defines the Secret containing the client key file for the targets. -- Type:: @@ -4987,7 +5016,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Server-side configuration for mutual TLS. +server defines the server-side configuration for mutual TLS. -- Type:: 
@@ -5002,7 +5031,7 @@ Type:: | `cert` | `object` -| Secret or ConfigMap containing the TLS certificate for the web server. +| cert defines the Secret or ConfigMap containing the TLS certificate for the web server. Either `keySecret` or `keyFile` must be defined. @@ -5010,7 +5039,7 @@ It is mutually exclusive with `certFile`. | `certFile` | `string` -| Path to the TLS certificate file in the container for the web server. +| certFile defines the path to the TLS certificate file in the container for the web server. Either `keySecret` or `keyFile` must be defined. @@ -5018,7 +5047,7 @@ It is mutually exclusive with `cert`. | `cipherSuites` | `array (string)` -| List of supported cipher suites for TLS versions up to TLS 1.2. +| cipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2. If not defined, the Go default cipher suites are used. Available cipher suites are documented in the Go documentation: 
@@ -5026,28 +5055,28 @@ https://golang.org/pkg/crypto/tls/#pkg-constants | `clientAuthType` | `string` -| The server policy for client TLS authentication. +| clientAuthType defines the server policy for client TLS authentication. For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType | `clientCAFile` | `string` -| Path to the CA certificate file for client certificate authentication to +| clientCAFile defines the path to the CA certificate file for client certificate authentication to the server. It is mutually exclusive with `client_ca`. | `client_ca` | `object` -| Secret or ConfigMap containing the CA certificate for client certificate +| client_ca defines the Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. It is mutually exclusive with `clientCAFile`. | `curvePreferences` | `array (string)` -| Elliptic curves that will be used in an ECDHE handshake, in preference +| curvePreferences defines elliptic curves that will be used in an ECDHE handshake, in preference order. Available curves are documented in the Go documentation: @@ -5055,7 +5084,7 @@ https://golang.org/pkg/crypto/tls/#CurveID | `keyFile` | `string` -| Path to the TLS private key file in the container for the web server. +| keyFile defines the path to the TLS private key file in the container for the web server. If defined, either `cert` or `certFile` must be defined. @@ -5063,7 +5092,7 @@ It is mutually exclusive with `keySecret`. | `keySecret` | `object` -| Secret containing the TLS private key for the web server. +| keySecret defines the secret containing the TLS private key for the web server. Either `cert` or `certFile` must be defined. 
@@ -5071,15 +5100,15 @@ It is mutually exclusive with `keyFile`. | `maxVersion` | `string` -| Maximum TLS version that is acceptable. +| maxVersion defines the Maximum TLS version that is acceptable. | `minVersion` | `string` -| Minimum TLS version that is acceptable. +| minVersion defines the minimum TLS version that is acceptable. | `preferServerCipherSuites` | `boolean` -| Controls whether the server selects the client's most preferred cipher +| preferServerCipherSuites defines whether the server selects the client's most preferred cipher suite, or the server's most preferred cipher suite. If true then the server's preference, as expressed in @@ -5090,7 +5119,7 @@ the order of elements in cipherSuites, is used. Description:: + -- -Secret or ConfigMap containing the TLS certificate for the web server. +cert defines the Secret or ConfigMap containing the TLS certificate for the web server. Either `keySecret` or `keyFile` must be defined. @@ -5109,18 +5138,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.clusterTLS.server.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -5156,7 +5185,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: 
@@ -5192,7 +5221,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret or ConfigMap containing the CA certificate for client certificate +client_ca defines the Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. It is mutually exclusive with `clientCAFile`. @@ -5210,18 +5239,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.clusterTLS.server.client_ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -5257,7 +5286,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -5293,7 +5322,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the TLS private key for the web server. +keySecret defines the secret containing the TLS private key for the web server. Either `cert` or `certFile` must be defined. @@ -5333,7 +5362,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Containers allows injecting additional containers. This is meant to +containers allows injecting additional containers. This is meant to allow adding an authentication proxy to an Alertmanager pod. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge 
@@ -5402,8 +5431,8 @@ Cannot be updated. | `envFrom` | `array` | List of sources to populate environment variables in the container. -The keys defined within a source must be a C_IDENTIFIER. All invalid keys -will be reported as an event when the container is starting. When a key exists in multiple +The keys defined within a source may consist of any printable ASCII characters except '='. +When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. @@ -5483,10 +5512,10 @@ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-co | `restartPolicy` | `string` | RestartPolicy defines the restart behavior of individual containers in a pod. -This field may only be set for init containers, and the only allowed value is "Always". -For non-init containers or when this field is not specified, +This overrides the pod-level restart policy. When this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. -Setting the RestartPolicy as "Always" for the init container will have the following effect: +Additionally, setting the RestartPolicy as "Always" for the init container will +have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" 
@@ -5498,6 +5527,24 @@ container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed. +| `restartPolicyRules` +| `array` +| Represents a list of rules to be checked to determine if the +container should be restarted on exit. The rules are evaluated in +order. Once a rule matches a container exit condition, the remaining +rules are ignored. If no rule matches the container exit condition, +the Container-level restart policy determines the whether the container +is restarted or not. Constraints on the rules: +- At most 20 rules are allowed. +- Rules can have the same action. +- Identical rules are not forbidden in validations. +When rules are specified, container MUST set RestartPolicy explicitly +even it if matches the Pod's RestartPolicy. + +| `restartPolicyRules[]` +| `object` +| ContainerRestartRule describes how a container exit is handled. + | `securityContext` | `object` | SecurityContext defines the security options the container should be run with. @@ -5615,7 +5662,8 @@ Required:: | `name` | `string` -| Name of the environment variable. Must be a C_IDENTIFIER. +| Name of the environment variable. +May consist of any printable ASCII characters except '='. | `value` | `string` @@ -5660,6 +5708,11 @@ Type:: | Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +| `fileKeyRef` +| `object` +| FileKeyRef selects a key of the env file. +Requires the EnvFiles feature gate to be enabled. + | `resourceFieldRef` | `object` | Selects a resource of the container: only resources limits and requests 
@@ -5734,6 +5787,54 @@ Required:: | `string` | Path of the field to select in the specified API version. +|=== +=== .spec.containers[].env[].valueFrom.fileKeyRef +Description:: ++ +-- +FileKeyRef selects a key of the env file. +Requires the EnvFiles feature gate to be enabled. +-- + +Type:: + `object` + +Required:: + - `key` + - `path` + - `volumeName` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `key` +| `string` +| The key within the env file. An invalid key will prevent the pod from starting. +The keys defined within a source may consist of any printable ASCII characters except '='. +During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + +| `optional` +| `boolean` +| Specify whether the file or its key must be defined. If the file or key +does not exist, then the env var is not published. +If optional is set to true and the specified key does not exist, +the environment variable will not be set in the Pod's containers. + +If optional is set to false and the specified key does not exist, +an error will be returned during Pod creation. + +| `path` +| `string` +| The path within the volume from which to select the file. +Must be relative and may not contain the '..' path or start with '..'. + +| `volumeName` +| `string` +| The name of the volume mount containing the env file. + |=== === .spec.containers[].env[].valueFrom.resourceFieldRef Description:: 
@@ -5809,8 +5910,8 @@ Description:: + -- List of sources to populate environment variables in the container. -The keys defined within a source must be a C_IDENTIFIER. All invalid keys -will be reported as an event when the container is starting. When a key exists in multiple +The keys defined within a source may consist of any printable ASCII characters except '='. +When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. @@ -5845,7 +5946,8 @@ Type:: | `prefix` | `string` -| Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER. +| Optional text to prepend to the name of each environment variable. +May consist of any printable ASCII characters except '='. | `secretRef` | `object` @@ -7027,7 +7129,7 @@ Type:: | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -7056,7 +7158,7 @@ Description:: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. 
@@ -7099,6 +7201,93 @@ inside a container. If empty, everything from the claim is made available, otherwise only the result of this request. +|=== +=== .spec.containers[].restartPolicyRules +Description:: ++ +-- +Represents a list of rules to be checked to determine if the +container should be restarted on exit. The rules are evaluated in +order. Once a rule matches a container exit condition, the remaining +rules are ignored. If no rule matches the container exit condition, +the Container-level restart policy determines the whether the container +is restarted or not. Constraints on the rules: +- At most 20 rules are allowed. +- Rules can have the same action. +- Identical rules are not forbidden in validations. +When rules are specified, container MUST set RestartPolicy explicitly +even it if matches the Pod's RestartPolicy. +-- + +Type:: + `array` + + + + +=== .spec.containers[].restartPolicyRules[] +Description:: ++ +-- +ContainerRestartRule describes how a container exit is handled. +-- + +Type:: + `object` + +Required:: + - `action` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `action` +| `string` +| Specifies the action taken on a container exit if the requirements +are satisfied. The only possible value is "Restart" to restart the +container. + +| `exitCodes` +| `object` +| Represents the exit codes to check on container exits. + +|=== +=== .spec.containers[].restartPolicyRules[].exitCodes +Description:: ++ +-- +Represents the exit codes to check on container exits. +-- + +Type:: + `object` + +Required:: + - `operator` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `operator` +| `string` +| Represents the relationship between the container exit code(s) and the +specified values. Possible values are: +- In: the requirement is satisfied if the container exit code is in the + set of specified values. 
+- NotIn: the requirement is satisfied if the container exit code is + not in the set of specified values. + +| `values` +| `array (integer)` +| Specifies the set of values to check for container exit codes. +At most 255 elements are allowed. + |=== === .spec.containers[].securityContext Description:: @@ -7789,7 +7978,7 @@ SubPathExpr and SubPath are mutually exclusive. Description:: + -- -Defines the DNS configuration for the pods. +dnsConfig defines the DNS configuration for the pods. -- Type:: @@ -7804,12 +7993,12 @@ Type:: | `nameservers` | `array (string)` -| A list of DNS name server IP addresses. +| nameservers defines the list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. | `options` | `array` -| A list of DNS resolver options. +| options defines the list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Resolution options given in Options will override those that appear in the base DNSPolicy. @@ -7820,7 +8009,7 @@ will override those that appear in the base DNSPolicy. | `searches` | `array (string)` -| A list of DNS search domains for host-name lookup. +| searches defines the list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. |=== @@ -7828,7 +8017,7 @@ This will be appended to the base search paths generated from DNSPolicy. Description:: + -- -A list of DNS resolver options. +options defines the list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Resolution options given in Options will override those that appear in the base DNSPolicy. 
@@ -7861,18 +8050,18 @@ Required:: | `name` | `string` -| Name is required and must be unique. +| name is required and must be unique. | `value` | `string` -| Value is optional. +| value is optional. |=== === .spec.hostAliases Description:: + -- -Pods' hostAliases configuration +hostAliases Pods configuration -- Type:: @@ -7904,18 +8093,18 @@ Required:: | `hostnames` | `array (string)` -| Hostnames for the above IP address. +| hostnames defines hostnames for the above IP address. | `ip` | `string` -| IP address of the host file entry. +| ip defines the IP address of the host file entry. |=== === .spec.imagePullSecrets Description:: + -- -An optional list of references to secrets in the same namespace +imagePullSecrets An optional list of references to secrets in the same namespace to use for pulling prometheus and alertmanager images from registries see https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ -- @@ -7957,7 +8146,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. +initContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the Alertmanager configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ InitContainers described here modify an operator 
@@ -8027,8 +8216,8 @@ Cannot be updated. | `envFrom` | `array` | List of sources to populate environment variables in the container. -The keys defined within a source must be a C_IDENTIFIER. All invalid keys -will be reported as an event when the container is starting. When a key exists in multiple +The keys defined within a source may consist of any printable ASCII characters except '='. +When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. @@ -8108,10 +8297,10 @@ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-co | `restartPolicy` | `string` | RestartPolicy defines the restart behavior of individual containers in a pod. -This field may only be set for init containers, and the only allowed value is "Always". -For non-init containers or when this field is not specified, +This overrides the pod-level restart policy. When this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. -Setting the RestartPolicy as "Always" for the init container will have the following effect: +Additionally, setting the RestartPolicy as "Always" for the init container will +have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" 
@@ -8123,6 +8312,24 @@ container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed. +| `restartPolicyRules` +| `array` +| Represents a list of rules to be checked to determine if the +container should be restarted on exit. The rules are evaluated in +order. Once a rule matches a container exit condition, the remaining +rules are ignored. If no rule matches the container exit condition, +the Container-level restart policy determines the whether the container +is restarted or not. Constraints on the rules: +- At most 20 rules are allowed. +- Rules can have the same action. +- Identical rules are not forbidden in validations. +When rules are specified, container MUST set RestartPolicy explicitly +even it if matches the Pod's RestartPolicy. + +| `restartPolicyRules[]` +| `object` +| ContainerRestartRule describes how a container exit is handled. + | `securityContext` | `object` | SecurityContext defines the security options the container should be run with. @@ -8240,7 +8447,8 @@ Required:: | `name` | `string` -| Name of the environment variable. Must be a C_IDENTIFIER. +| Name of the environment variable. +May consist of any printable ASCII characters except '='. | `value` | `string` @@ -8285,6 +8493,11 @@ Type:: | Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +| `fileKeyRef` +| `object` +| FileKeyRef selects a key of the env file. +Requires the EnvFiles feature gate to be enabled. + | `resourceFieldRef` | `object` | Selects a resource of the container: only resources limits and requests 
@@ -8359,6 +8572,54 @@ Required:: | `string` | Path of the field to select in the specified API version. +|=== +=== .spec.initContainers[].env[].valueFrom.fileKeyRef +Description:: ++ +-- +FileKeyRef selects a key of the env file. +Requires the EnvFiles feature gate to be enabled. +-- + +Type:: + `object` + +Required:: + - `key` + - `path` + - `volumeName` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `key` +| `string` +| The key within the env file. An invalid key will prevent the pod from starting. +The keys defined within a source may consist of any printable ASCII characters except '='. +During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + +| `optional` +| `boolean` +| Specify whether the file or its key must be defined. If the file or key +does not exist, then the env var is not published. +If optional is set to true and the specified key does not exist, +the environment variable will not be set in the Pod's containers. + +If optional is set to false and the specified key does not exist, +an error will be returned during Pod creation. + +| `path` +| `string` +| The path within the volume from which to select the file. +Must be relative and may not contain the '..' path or start with '..'. + +| `volumeName` +| `string` +| The name of the volume mount containing the env file. + |=== === .spec.initContainers[].env[].valueFrom.resourceFieldRef Description:: 
@@ -8434,8 +8695,8 @@ Description:: + -- List of sources to populate environment variables in the container. -The keys defined within a source must be a C_IDENTIFIER. All invalid keys -will be reported as an event when the container is starting. When a key exists in multiple +The keys defined within a source may consist of any printable ASCII characters except '='. +When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. @@ -8470,7 +8731,8 @@ Type:: | `prefix` | `string` -| Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER. +| Optional text to prepend to the name of each environment variable. +May consist of any printable ASCII characters except '='. | `secretRef` | `object` @@ -9652,7 +9914,7 @@ Type:: | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -9681,7 +9943,7 @@ Description:: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. 
@@ -9724,6 +9986,93 @@ inside a container. If empty, everything from the claim is made available, otherwise only the result of this request. +|=== +=== .spec.initContainers[].restartPolicyRules +Description:: ++ +-- +Represents a list of rules to be checked to determine if the +container should be restarted on exit. The rules are evaluated in +order. Once a rule matches a container exit condition, the remaining +rules are ignored. If no rule matches the container exit condition, +the Container-level restart policy determines the whether the container +is restarted or not. Constraints on the rules: +- At most 20 rules are allowed. +- Rules can have the same action. +- Identical rules are not forbidden in validations. +When rules are specified, container MUST set RestartPolicy explicitly +even it if matches the Pod's RestartPolicy. +-- + +Type:: + `array` + + + + +=== .spec.initContainers[].restartPolicyRules[] +Description:: ++ +-- +ContainerRestartRule describes how a container exit is handled. +-- + +Type:: + `object` + +Required:: + - `action` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `action` +| `string` +| Specifies the action taken on a container exit if the requirements +are satisfied. The only possible value is "Restart" to restart the +container. + +| `exitCodes` +| `object` +| Represents the exit codes to check on container exits. + +|=== +=== .spec.initContainers[].restartPolicyRules[].exitCodes +Description:: ++ +-- +Represents the exit codes to check on container exits. +-- + +Type:: + `object` + +Required:: + - `operator` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `operator` +| `string` +| Represents the relationship between the container exit code(s) and the +specified values. Possible values are: +- In: the requirement is satisfied if the container exit code is in the + set of specified values. 
+- NotIn: the requirement is satisfied if the container exit code is + not in the set of specified values. + +| `values` +| `array (integer)` +| Specifies the set of values to check for container exit codes. +At most 255 elements are allowed. + |=== === .spec.initContainers[].securityContext Description:: @@ -10414,7 +10763,7 @@ SubPathExpr and SubPath are mutually exclusive. Description:: + -- -Defines the limits command line flags when starting Alertmanager. +limits defines the limits command line flags when starting Alertmanager. -- Type:: @@ -10429,13 +10778,13 @@ Type:: | `maxPerSilenceBytes` | `string` -| The maximum size of an individual silence as stored on disk. This corresponds to the Alertmanager's +| maxPerSilenceBytes defines the maximum size of an individual silence as stored on disk. This corresponds to the Alertmanager's `--silences.max-per-silence-bytes` flag. It requires Alertmanager >= v0.28.0. | `maxSilences` | `integer` -| The maximum number active and pending silences. This corresponds to the +| maxSilences defines the maximum number active and pending silences. This corresponds to the Alertmanager's `--silences.max-silences` flag. It requires Alertmanager >= v0.28.0. @@ -10444,7 +10793,7 @@ It requires Alertmanager >= v0.28.0. Description:: + -- -The field controls if and how PVCs are deleted during the lifecycle of a StatefulSet. +persistentVolumeClaimRetentionPolicy controls if and how PVCs are deleted during the lifecycle of a StatefulSet. The default behavior is all PVCs are retained. This is an alpha field from kubernetes 1.23 until 1.26 and a beta field from 1.26. It requires enabling the StatefulSetAutoDeletePVC feature gate. 
@@ -10480,7 +10829,7 @@ the replica count to be deleted. Description:: + -- -PodMetadata configures labels and annotations which are propagated to the Alertmanager pods. +podMetadata defines labels and annotations which are propagated to the Alertmanager pods. The following items are reserved and cannot be overridden: * "alertmanager" label, set to the name of the Alertmanager instance. @@ -10503,21 +10852,21 @@ Type:: | `annotations` | `object (string)` -| Annotations is an unstructured key value map stored with a resource that may be +| annotations defines an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ | `labels` | `object (string)` -| Map of string keys and values that can be used to organize and categorize +| labels define the map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ | `name` | `string` -| Name must be unique within a namespace. Is required when creating resources, although +| name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. @@ -10529,7 +10878,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Define resources requests and limits for single Pods. +resources defines the resource requests and limits of the Pods. -- Type:: 
@@ -10547,7 +10896,7 @@ Type:: | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -10576,7 +10925,7 @@ Description:: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -10624,7 +10973,7 @@ only the result of this request. Description:: + -- -SecurityContext holds pod-level security attributes and common container settings. +securityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. -- @@ -10976,7 +11325,7 @@ PodSecurityContext, the value specified in SecurityContext takes precedence. Description:: + -- -Storage is the definition of how storage will be used by the Alertmanager +storage defines the definition of how storage will be used by the Alertmanager instances. -- 
@@ -10992,24 +11341,24 @@ Type:: | `disableMountSubPath` | `boolean` -| Deprecated: subPath usage will be removed in a future release. +| disableMountSubPath deprecated: subPath usage will be removed in a future release. | `emptyDir` | `object` -| EmptyDirVolumeSource to be used by the StatefulSet. +| emptyDir to be used by the StatefulSet. If specified, it takes precedence over `ephemeral` and `volumeClaimTemplate`. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir | `ephemeral` | `object` -| EphemeralVolumeSource to be used by the StatefulSet. +| ephemeral to be used by the StatefulSet. This is a beta field in k8s 1.21 and GA in 1.15. For lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes | `volumeClaimTemplate` | `object` -| Defines the PVC spec to be used by the Prometheus StatefulSets. +| volumeClaimTemplate defines the PVC spec to be used by the Prometheus StatefulSets. The easiest way to use a volume that cannot be automatically provisioned is to use a label selector alongside manually created PersistentVolumes. @@ -11018,7 +11367,7 @@ is to use a label selector alongside manually created PersistentVolumes. Description:: + -- -EmptyDirVolumeSource to be used by the StatefulSet. +emptyDir to be used by the StatefulSet. If specified, it takes precedence over `ephemeral` and `volumeClaimTemplate`. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir -- 
@@ -11054,7 +11403,7 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir Description:: + -- -EphemeralVolumeSource to be used by the StatefulSet. +ephemeral to be used by the StatefulSet. This is a beta field in k8s 1.21 and GA in 1.15. For lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes @@ -11247,15 +11596,13 @@ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class- | volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, -it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass -will be applied to the claim but it's not allowed to reset this field to empty string once it is set. -If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass -will be set by the persistentvolume controller if it exists. +it can be changed after the claim is created. An empty string or nil value indicates that no +VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, +this field can be reset to its previous value (including nil) to cancel the modification. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ -(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). | `volumeMode` | `string` 
@@ -11494,7 +11841,7 @@ merge patch. Description:: + -- -Defines the PVC spec to be used by the Prometheus StatefulSets. +volumeClaimTemplate defines the PVC spec to be used by the Prometheus StatefulSets. The easiest way to use a volume that cannot be automatically provisioned is to use a label selector alongside manually created PersistentVolumes. -- @@ -11526,23 +11873,23 @@ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api- | `metadata` | `object` -| EmbeddedMetadata contains metadata relevant to an EmbeddedResource. +| metadata defines EmbeddedMetadata contains metadata relevant to an EmbeddedResource. | `spec` | `object` -| Defines the desired characteristics of a volume requested by a pod author. +| spec defines the specification of the characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims | `status` | `object` -| Deprecated: this field is never set. +| status is deprecated: this field is never set. |=== === .spec.storage.volumeClaimTemplate.metadata Description:: + -- -EmbeddedMetadata contains metadata relevant to an EmbeddedResource. +metadata defines EmbeddedMetadata contains metadata relevant to an EmbeddedResource. -- Type:: 
@@ -11557,21 +11904,21 @@ Type:: | `annotations` | `object (string)` -| Annotations is an unstructured key value map stored with a resource that may be +| annotations defines an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ | `labels` | `object (string)` -| Map of string keys and values that can be used to organize and categorize +| labels define the map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ | `name` | `string` -| Name must be unique within a namespace. Is required when creating resources, although +| name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. @@ -11583,7 +11930,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Defines the desired characteristics of a volume requested by a pod author. +spec defines the specification of the characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims -- 
@@ -11661,15 +12008,13 @@ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class- | volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, -it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass -will be applied to the claim but it's not allowed to reset this field to empty string once it is set. -If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass -will be set by the persistentvolume controller if it exists. +it can be changed after the claim is created. An empty string or nil value indicates that no +VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, +this field can be reset to its previous value (including nil) to cancel the modification. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ -(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). | `volumeMode` | `string` @@ -11908,7 +12253,7 @@ merge patch. Description:: + -- -Deprecated: this field is never set. +status is deprecated: this field is never set. -- Type:: 
@@ -12006,13 +12351,11 @@ resized then the Condition will be set to 'Resizing'. | `string` | currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim -This is a beta field and requires enabling VolumeAttributesClass feature (off by default). | `modifyVolumeStatus` | `object` | ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. -This is a beta field and requires enabling VolumeAttributesClass feature (off by default). | `phase` | `string` @@ -12089,7 +12432,6 @@ Description:: -- ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. -This is a beta field and requires enabling VolumeAttributesClass feature (off by default). -- Type:: @@ -12126,7 +12468,7 @@ Note: New statuses can be added in the future. Consumers should check for unknow Description:: + -- -If specified, the pod's tolerations. +tolerations defines the pod's tolerations. -- Type:: @@ -12187,7 +12529,7 @@ If the operator is Exists, the value should be empty, otherwise just a regular s Description:: + -- -If specified, the pod's topology spread constraints. +topologySpreadConstraints defines the Pod's topology spread constraints. -- Type:: @@ -12422,7 +12764,7 @@ merge patch. Description:: + -- -VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. +volumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the alertmanager container, that are generated as a result of StorageSpec objects. -- 
@@ -12512,7 +12854,7 @@ SubPathExpr and SubPath are mutually exclusive. Description:: + -- -Volumes allows configuration of additional volumes on the output StatefulSet definition. +volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. -- @@ -12652,7 +12994,6 @@ into the Pod's container. | `object` | glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. -More info: https://examples.k8s.io/volumes/glusterfs/README.md | `hostPath` | `object` @@ -12683,7 +13024,7 @@ The field spec.securityContext.fsGroupChangePolicy has no effect on this volume | `object` | iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. -More info: https://examples.k8s.io/volumes/iscsi/README.md +More info: https://kubernetes.io/docs/concepts/storage/volumes/#iscsi | `name` | `string` @@ -12727,7 +13068,6 @@ Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supp | `object` | rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. -More info: https://examples.k8s.io/volumes/rbd/README.md | `scaleIO` | `object` 
@@ -13634,15 +13974,13 @@ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class- | volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, -it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass -will be applied to the claim but it's not allowed to reset this field to empty string once it is set. -If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass -will be set by the persistentvolume controller if it exists. +it can be changed after the claim is created. An empty string or nil value indicates that no +VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, +this field can be reset to its previous value (including nil) to cancel the modification. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ -(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). | `volumeMode` | `string` @@ -14120,7 +14458,6 @@ Description:: -- glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. -More info: https://examples.k8s.io/volumes/glusterfs/README.md -- Type:: @@ -14139,7 +14476,6 @@ Required:: | `endpoints` | `string` | endpoints is the endpoint name that details Glusterfs topology. -More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod | `path` | `string` 
@@ -14243,7 +14579,7 @@ Description:: -- iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. -More info: https://examples.k8s.io/volumes/iscsi/README.md +More info: https://kubernetes.io/docs/concepts/storage/volumes/#iscsi -- Type:: 
@@ -14572,6 +14908,43 @@ may change the order over time. | `object` | downwardAPI information about the downwardAPI data to project +| `podCertificate` +| `object` +| Projects an auto-rotating credential bundle (private key and certificate +chain) that the pod can use either as a TLS client or server. + +Kubelet generates a private key and uses it to send a +PodCertificateRequest to the named signer. Once the signer approves the +request and issues a certificate chain, Kubelet writes the key and +certificate chain to the pod filesystem. The pod does not start until +certificates have been issued for each podCertificate projected volume +source in its spec. + +Kubelet will begin trying to rotate the certificate at the time indicated +by the signer using the PodCertificateRequest.Status.BeginRefreshAt +timestamp. + +Kubelet can write a single file, indicated by the credentialBundlePath +field, or separate files, indicated by the keyPath and +certificateChainPath fields. + +The credential bundle is a single file in PEM format. The first PEM +entry is the private key (in PKCS#8 format), and the remaining PEM +entries are the certificate chain issued by the signer (typically, +signers will return their certificate chain in leaf-to-root order). + +Prefer using the credential bundle format, since your application code +can read it atomically. If you use keyPath and certificateChainPath, +your application must make two separate file reads. If these coincide +with a certificate rotation, it is possible that the private key and leaf +certificate you read may not correspond to each other. Your application +will need to check for this condition, and re-read until they are +consistent. + +The named signer controls chooses the format of the certificate it +issues; consult the signer implementation's documentation to learn how to +use the certificates it issues. + | `secret` | `object` | secret information about the secret data to project 
@@ -14975,6 +15348,123 @@ Required:: | `string` | Required: resource to select +|=== +=== .spec.volumes[].projected.sources[].podCertificate +Description:: ++ +-- +Projects an auto-rotating credential bundle (private key and certificate +chain) that the pod can use either as a TLS client or server. + +Kubelet generates a private key and uses it to send a +PodCertificateRequest to the named signer. Once the signer approves the +request and issues a certificate chain, Kubelet writes the key and +certificate chain to the pod filesystem. The pod does not start until +certificates have been issued for each podCertificate projected volume +source in its spec. + +Kubelet will begin trying to rotate the certificate at the time indicated +by the signer using the PodCertificateRequest.Status.BeginRefreshAt +timestamp. + +Kubelet can write a single file, indicated by the credentialBundlePath +field, or separate files, indicated by the keyPath and +certificateChainPath fields. + +The credential bundle is a single file in PEM format. The first PEM +entry is the private key (in PKCS#8 format), and the remaining PEM +entries are the certificate chain issued by the signer (typically, +signers will return their certificate chain in leaf-to-root order). + +Prefer using the credential bundle format, since your application code +can read it atomically. If you use keyPath and certificateChainPath, +your application must make two separate file reads. If these coincide +with a certificate rotation, it is possible that the private key and leaf +certificate you read may not correspond to each other. Your application +will need to check for this condition, and re-read until they are +consistent. + +The named signer controls chooses the format of the certificate it +issues; consult the signer implementation's documentation to learn how to +use the certificates it issues. 
+-- + +Type:: + `object` + +Required:: + - `keyType` + - `signerName` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `certificateChainPath` +| `string` +| Write the certificate chain at this path in the projected volume. + +Most applications should use credentialBundlePath. When using keyPath +and certificateChainPath, your application needs to check that the key +and leaf certificate are consistent, because it is possible to read the +files mid-rotation. + +| `credentialBundlePath` +| `string` +| Write the credential bundle at this path in the projected volume. + +The credential bundle is a single file that contains multiple PEM blocks. +The first PEM block is a PRIVATE KEY block, containing a PKCS#8 private +key. + +The remaining blocks are CERTIFICATE blocks, containing the issued +certificate chain from the signer (leaf and any intermediates). + +Using credentialBundlePath lets your Pod's application code make a single +atomic read that retrieves a consistent key and certificate chain. If you +project them to separate files, your application code will need to +additionally check that the leaf certificate was issued to the key. + +| `keyPath` +| `string` +| Write the key at this path in the projected volume. + +Most applications should use credentialBundlePath. When using keyPath +and certificateChainPath, your application needs to check that the key +and leaf certificate are consistent, because it is possible to read the +files mid-rotation. + +| `keyType` +| `string` +| The type of keypair Kubelet will generate for the pod. + +Valid values are "RSA3072", "RSA4096", "ECDSAP256", "ECDSAP384", +"ECDSAP521", and "ED25519". + +| `maxExpirationSeconds` +| `integer` +| maxExpirationSeconds is the maximum lifetime permitted for the +certificate. + +Kubelet copies this value verbatim into the PodCertificateRequests it +generates for this projection. + +If omitted, kube-apiserver will set it to 86400(24 hours). 
kube-apiserver +will reject values shorter than 3600 (1 hour). The maximum allowable +value is 7862400 (91 days). + +The signer implementation is then free to issue a certificate with any +lifetime *shorter* than MaxExpirationSeconds, but no shorter than 3600 +seconds (1 hour). This constraint is enforced by kube-apiserver. +`kubernetes.io` signers will never issue certificates with a lifetime +longer than 24 hours. + +| `signerName` +| `string` +| Kubelet's generated CSRs will be addressed to this signer. + |=== === .spec.volumes[].projected.sources[].secret Description:: @@ -15179,7 +15669,6 @@ Description:: -- rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. -More info: https://examples.k8s.io/volumes/rbd/README.md -- Type:: @@ -15602,7 +16091,7 @@ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. Description:: + -- -Defines the web command line flags when starting Alertmanager. +web defines the web command line flags when starting Alertmanager. -- Type:: @@ -15617,28 +16106,28 @@ Type:: | `getConcurrency` | `integer` -| Maximum number of GET requests processed concurrently. This corresponds to the +| getConcurrency defines the maximum number of GET requests processed concurrently. This corresponds to the Alertmanager's `--web.get-concurrency` flag. | `httpConfig` | `object` -| Defines HTTP parameters for web server. +| httpConfig defines HTTP parameters for web server. | `timeout` | `integer` -| Timeout for HTTP requests. This corresponds to the Alertmanager's +| timeout for HTTP requests. This corresponds to the Alertmanager's `--web.timeout` flag. | `tlsConfig` | `object` -| Defines the TLS parameters for HTTPS. +| tlsConfig defines the TLS parameters for HTTPS. |=== === .spec.web.httpConfig Description:: + -- -Defines HTTP parameters for web server. +httpConfig defines HTTP parameters for web server. -- Type:: 
@@ -15653,11 +16142,11 @@ Type:: | `headers` | `object` -| List of headers that can be added to HTTP responses. +| headers defines a list of headers that can be added to HTTP responses. | `http2` | `boolean` -| Enable HTTP/2 support. Note that HTTP/2 is only supported with TLS. +| http2 enable HTTP/2 support. Note that HTTP/2 is only supported with TLS. When TLSConfig is not configured, HTTP/2 will be disabled. Whenever the value of the field changes, a rolling update will be triggered. @@ -15666,7 +16155,7 @@ Whenever the value of the field changes, a rolling update will be triggered. Description:: + -- -List of headers that can be added to HTTP responses. +headers defines a list of headers that can be added to HTTP responses. -- Type:: @@ -15681,12 +16170,12 @@ Type:: | `contentSecurityPolicy` | `string` -| Set the Content-Security-Policy header to HTTP responses. +| contentSecurityPolicy defines the Content-Security-Policy header to HTTP responses. Unset if blank. | `strictTransportSecurity` | `string` -| Set the Strict-Transport-Security header to HTTP responses. +| strictTransportSecurity defines the Strict-Transport-Security header to HTTP responses. Unset if blank. Please make sure that you use this with care as this header might force browsers to load Prometheus and the other applications hosted on the same 
@@ -15695,19 +16184,19 @@ https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Secur | `xContentTypeOptions` | `string` -| Set the X-Content-Type-Options header to HTTP responses. +| xContentTypeOptions defines the X-Content-Type-Options header to HTTP responses. Unset if blank. Accepted value is nosniff. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options | `xFrameOptions` | `string` -| Set the X-Frame-Options header to HTTP responses. +| xFrameOptions defines the X-Frame-Options header to HTTP responses. Unset if blank. Accepted values are deny and sameorigin. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options | `xXSSProtection` | `string` -| Set the X-XSS-Protection header to all responses. +| xXSSProtection defines the X-XSS-Protection header to all responses. Unset if blank. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection @@ -15716,7 +16205,7 @@ https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection Description:: + -- -Defines the TLS parameters for HTTPS. +tlsConfig defines the TLS parameters for HTTPS. -- Type:: @@ -15731,7 +16220,7 @@ Type:: | `cert` | `object` -| Secret or ConfigMap containing the TLS certificate for the web server. +| cert defines the Secret or ConfigMap containing the TLS certificate for the web server. Either `keySecret` or `keyFile` must be defined. @@ -15739,7 +16228,7 @@ It is mutually exclusive with `certFile`. | `certFile` | `string` -| Path to the TLS certificate file in the container for the web server. +| certFile defines the path to the TLS certificate file in the container for the web server. Either `keySecret` or `keyFile` must be defined. 
@@ -15747,7 +16236,7 @@ It is mutually exclusive with `cert`. | `cipherSuites` | `array (string)` -| List of supported cipher suites for TLS versions up to TLS 1.2. +| cipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2. If not defined, the Go default cipher suites are used. Available cipher suites are documented in the Go documentation: @@ -15755,28 +16244,28 @@ https://golang.org/pkg/crypto/tls/#pkg-constants | `clientAuthType` | `string` -| The server policy for client TLS authentication. +| clientAuthType defines the server policy for client TLS authentication. For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType | `clientCAFile` | `string` -| Path to the CA certificate file for client certificate authentication to +| clientCAFile defines the path to the CA certificate file for client certificate authentication to the server. It is mutually exclusive with `client_ca`. | `client_ca` | `object` -| Secret or ConfigMap containing the CA certificate for client certificate +| client_ca defines the Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. It is mutually exclusive with `clientCAFile`. | `curvePreferences` | `array (string)` -| Elliptic curves that will be used in an ECDHE handshake, in preference +| curvePreferences defines elliptic curves that will be used in an ECDHE handshake, in preference order. Available curves are documented in the Go documentation: @@ -15784,7 +16273,7 @@ https://golang.org/pkg/crypto/tls/#CurveID | `keyFile` | `string` -| Path to the TLS private key file in the container for the web server. +| keyFile defines the path to the TLS private key file in the container for the web server. If defined, either `cert` or `certFile` must be defined. 
@@ -15792,7 +16281,7 @@ It is mutually exclusive with `keySecret`. | `keySecret` | `object` -| Secret containing the TLS private key for the web server. +| keySecret defines the secret containing the TLS private key for the web server. Either `cert` or `certFile` must be defined. @@ -15800,15 +16289,15 @@ It is mutually exclusive with `keyFile`. | `maxVersion` | `string` -| Maximum TLS version that is acceptable. +| maxVersion defines the Maximum TLS version that is acceptable. | `minVersion` | `string` -| Minimum TLS version that is acceptable. +| minVersion defines the minimum TLS version that is acceptable. | `preferServerCipherSuites` | `boolean` -| Controls whether the server selects the client's most preferred cipher +| preferServerCipherSuites defines whether the server selects the client's most preferred cipher suite, or the server's most preferred cipher suite. If true then the server's preference, as expressed in @@ -15819,7 +16308,7 @@ the order of elements in cipherSuites, is used. Description:: + -- -Secret or ConfigMap containing the TLS certificate for the web server. +cert defines the Secret or ConfigMap containing the TLS certificate for the web server. Either `keySecret` or `keyFile` must be defined. @@ -15838,18 +16327,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.web.tlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: 
@@ -15885,7 +16374,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -15921,7 +16410,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret or ConfigMap containing the CA certificate for client certificate +client_ca defines the Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. It is mutually exclusive with `clientCAFile`. @@ -15939,18 +16428,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.web.tlsConfig.client_ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -15986,7 +16475,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -16022,7 +16511,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the TLS private key for the web server. +keySecret defines the secret containing the TLS private key for the web server. Either `cert` or `certFile` must be defined. 
@@ -16062,7 +16551,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Most recent observed status of the Alertmanager cluster. Read-only. +status defines the most recent observed status of the Alertmanager cluster. Read-only. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status -- @@ -16070,12 +16559,6 @@ https://github.com/kubernetes/community/blob/master/contributors/devel/sig-archi Type:: `object` -Required:: - - `availableReplicas` - - `paused` - - `replicas` - - `unavailableReplicas` - - `updatedReplicas` @@ -16085,12 +16568,12 @@ Required:: | `availableReplicas` | `integer` -| Total number of available pods (ready for at least minReadySeconds) +| availableReplicas defines the total number of available pods (ready for at least minReadySeconds) targeted by this Alertmanager cluster. | `conditions` | `array` -| The current state of the Alertmanager object. +| conditions defines the current state of the Alertmanager object. | `conditions[]` | `object` 
@@ -16099,25 +16582,25 @@ Prometheus, Alertmanager or ThanosRuler resource. | `paused` | `boolean` -| Represents whether any actions on the underlying managed objects are +| paused defines whether any actions on the underlying managed objects are being performed. Only delete actions will be performed. | `replicas` | `integer` -| Total number of non-terminated pods targeted by this Alertmanager +| replicas defines the total number of non-terminated pods targeted by this Alertmanager object (their labels match the selector). | `selector` | `string` -| The selector used to match the pods targeted by this Alertmanager object. +| selector used to match the pods targeted by this Alertmanager object. | `unavailableReplicas` | `integer` -| Total number of unavailable pods targeted by this Alertmanager object. +| unavailableReplicas defines the total number of unavailable pods targeted by this Alertmanager object. | `updatedReplicas` | `integer` -| Total number of non-terminated pods targeted by this Alertmanager +| updatedReplicas defines the total number of non-terminated pods targeted by this Alertmanager object that have the desired version spec. |=== @@ -16125,7 +16608,7 @@ object that have the desired version spec. Description:: + -- -The current state of the Alertmanager object. +conditions defines the current state of the Alertmanager object. -- Type:: @@ -16162,11 +16645,11 @@ Required:: | `message` | `string` -| Human-readable message indicating details for the condition's last transition. +| message defines human-readable message indicating details for the condition's last transition. | `observedGeneration` | `integer` -| ObservedGeneration represents the .metadata.generation that the +| observedGeneration defines the .metadata.generation that the condition was set based upon. For instance, if `.metadata.generation` is currently 12, but the `.status.conditions[].observedGeneration` is 9, the condition is out of date with respect to the current state of the 
@@ -16174,15 +16657,15 @@ instance. | `reason` | `string` -| Reason for the condition's last transition. +| reason for the condition's last transition. | `status` | `string` -| Status of the condition. +| status of the condition. | `type` | `string` -| Type of the condition being reported. +| type of the condition being reported. |=== diff --git a/rest_api/monitoring_apis/alertmanagerconfig-monitoring-coreos-com-v1beta1.adoc b/rest_api/monitoring_apis/alertmanagerconfig-monitoring-coreos-com-v1beta1.adoc index bb9ffe7a69..e0403d9aef 100644 --- a/rest_api/monitoring_apis/alertmanagerconfig-monitoring-coreos-com-v1beta1.adoc +++ b/rest_api/monitoring_apis/alertmanagerconfig-monitoring-coreos-com-v1beta1.adoc @@ -43,18 +43,14 @@ Required:: | `spec` | `object` -| AlertmanagerConfigSpec is a specification of the desired behavior of the Alertmanager configuration. -By definition, the Alertmanager configuration only applies to alerts for which -the `namespace` label is equal to the namespace of the AlertmanagerConfig resource. +| spec defines the specification of AlertmanagerConfigSpec |=== === .spec Description:: + -- -AlertmanagerConfigSpec is a specification of the desired behavior of the Alertmanager configuration. -By definition, the Alertmanager configuration only applies to alerts for which -the `namespace` label is equal to the namespace of the AlertmanagerConfig resource. +spec defines the specification of AlertmanagerConfigSpec -- Type:: @@ -69,7 +65,7 @@ Type:: | `inhibitRules` | `array` -| List of inhibition rules. The rules will only apply to alerts matching +| inhibitRules defines the list of inhibition rules. The rules will only apply to alerts matching the resource's namespace. | `inhibitRules[]` @@ -80,7 +76,7 @@ See https://prometheus.io/docs/alerting/latest/configuration/#inhibit_rule | `receivers` | `array` -| List of receivers. +| receivers defines the list of receivers. | `receivers[]` | `object` 
@@ -88,13 +84,13 @@ See https://prometheus.io/docs/alerting/latest/configuration/#inhibit_rule | `route` | `object` -| The Alertmanager route definition for alerts matching the resource's +| route defines the Alertmanager route definition for alerts matching the resource's namespace. If present, it will be added to the generated Alertmanager configuration as a first-level route. | `timeIntervals` | `array` -| List of TimeInterval specifying when the routes should be muted or active. +| timeIntervals defines the list of timeIntervals specifying when the routes should be muted. | `timeIntervals[]` | `object` @@ -105,7 +101,7 @@ configuration as a first-level route. Description:: + -- -List of inhibition rules. The rules will only apply to alerts matching +inhibitRules defines the list of inhibition rules. The rules will only apply to alerts matching the resource's namespace. -- @@ -136,14 +132,14 @@ Type:: | `equal` | `array (string)` -| Labels that must have an equal value in the source and target alert for -the inhibition to take effect. +| equal defines labels that must have an equal value in the source and target alert +for the inhibition to take effect. This ensures related alerts are properly grouped. | `sourceMatch` | `array` -| Matchers for which one or more alerts have to exist for the inhibition -to take effect. The operator enforces that the alert matches the -resource's namespace. +| sourceMatch defines matchers for which one or more alerts have to exist for the inhibition +to take effect. The operator enforces that the alert matches the resource's namespace. +These are the "trigger" alerts that cause other alerts to be inhibited. | `sourceMatch[]` | `object` 
@@ -151,8 +147,9 @@ resource's namespace. | `targetMatch` | `array` -| Matchers that have to be fulfilled in the alerts to be muted. The -operator enforces that the alert matches the resource's namespace. +| targetMatch defines matchers that have to be fulfilled in the alerts to be muted. +The operator enforces that the alert matches the resource's namespace. +When these conditions are met, matching alerts will be inhibited (silenced). | `targetMatch[]` | `object` @@ -163,9 +160,9 @@ operator enforces that the alert matches the resource's namespace. Description:: + -- -Matchers for which one or more alerts have to exist for the inhibition -to take effect. The operator enforces that the alert matches the -resource's namespace. +sourceMatch defines matchers for which one or more alerts have to exist for the inhibition +to take effect. The operator enforces that the alert matches the resource's namespace. +These are the "trigger" alerts that cause other alerts to be inhibited. -- Type:: 
@@ -195,25 +192,28 @@ Required:: | `matchType` | `string` -| Match operator, one of `=` (equal to), `!=` (not equal to), `=~` (regex -match) or `!~` (not regex match). -Negative operators (`!=` and `!~`) require Alertmanager >= v0.22.0. +| matchType defines the match operation available with AlertManager >= v0.22.0. +Takes precedence over Regex (deprecated) if non-empty. +Valid values: "=" (equality), "!=" (inequality), "=~" (regex match), "!~" (regex non-match). | `name` | `string` -| Label to match. +| name defines the label to match. +This specifies which alert label should be evaluated. | `value` | `string` -| Label value to match. +| value defines the label value to match. +This is the expected value for the specified label. |=== === .spec.inhibitRules[].targetMatch Description:: + -- -Matchers that have to be fulfilled in the alerts to be muted. The -operator enforces that the alert matches the resource's namespace. +targetMatch defines matchers that have to be fulfilled in the alerts to be muted. +The operator enforces that the alert matches the resource's namespace. +When these conditions are met, matching alerts will be inhibited (silenced). -- Type:: 
@@ -243,24 +243,26 @@ Required:: | `matchType` | `string` -| Match operator, one of `=` (equal to), `!=` (not equal to), `=~` (regex -match) or `!~` (not regex match). -Negative operators (`!=` and `!~`) require Alertmanager >= v0.22.0. +| matchType defines the match operation available with AlertManager >= v0.22.0. +Takes precedence over Regex (deprecated) if non-empty. +Valid values: "=" (equality), "!=" (inequality), "=~" (regex match), "!~" (regex non-match). | `name` | `string` -| Label to match. +| name defines the label to match. +This specifies which alert label should be evaluated. | `value` | `string` -| Label value to match. +| value defines the label value to match. +This is the expected value for the specified label. |=== === .spec.receivers Description:: + -- -List of receivers. +receivers defines the list of receivers. -- Type:: @@ -290,7 +292,7 @@ Required:: | `discordConfigs` | `array` -| List of Slack configurations. +| discordConfigs defines the list of Slack configurations. | `discordConfigs[]` | `object` @@ -299,7 +301,7 @@ See https://prometheus.io/docs/alerting/latest/configuration/#discord_config | `emailConfigs` | `array` -| List of Email configurations. +| emailConfigs defines the list of Email configurations. | `emailConfigs[]` | `object` @@ -307,7 +309,7 @@ See https://prometheus.io/docs/alerting/latest/configuration/#discord_config | `msteamsConfigs` | `array` -| List of MSTeams configurations. +| msteamsConfigs defines the list of MSTeams configurations. It requires Alertmanager >= 0.26.0. | `msteamsConfigs[]` 
@@ -317,22 +319,22 @@ It requires Alertmanager >= 0.26.0. | `msteamsv2Configs` | `array` -| List of MSTeamsV2 configurations. +| msteamsv2Configs defines the list of MSTeamsV2 configurations. It requires Alertmanager >= 0.28.0. | `msteamsv2Configs[]` | `object` -| MSTeamsV2Config configures notifications via Microsoft Teams using the new message format with adaptive cards as required by flows +| MSTeamsV2Config configures notifications via Microsoft Teams using the new message format with adaptive cards as required by flows. See https://prometheus.io/docs/alerting/latest/configuration/#msteamsv2_config It requires Alertmanager >= 0.28.0. | `name` | `string` -| Name of the receiver. Must be unique across all items from the list. +| name defines the name of the receiver. Must be unique across all items from the list. | `opsgenieConfigs` | `array` -| List of OpsGenie configurations. +| opsgenieConfigs defines the list of OpsGenie configurations. | `opsgenieConfigs[]` | `object` @@ -341,7 +343,7 @@ See https://prometheus.io/docs/alerting/latest/configuration/#opsgenie_config | `pagerdutyConfigs` | `array` -| List of PagerDuty configurations. +| pagerdutyConfigs defines the List of PagerDuty configurations. | `pagerdutyConfigs[]` | `object` @@ -350,7 +352,7 @@ See https://prometheus.io/docs/alerting/latest/configuration/#pagerduty_config | `pushoverConfigs` | `array` -| List of Pushover configurations. +| pushoverConfigs defines the list of Pushover configurations. | `pushoverConfigs[]` | `object` @@ -359,7 +361,7 @@ See https://prometheus.io/docs/alerting/latest/configuration/#pushover_config | `rocketchatConfigs` | `array` -| List of RocketChat configurations. +| rocketchatConfigs defines the list of RocketChat configurations. It requires Alertmanager >= 0.28.0. | `rocketchatConfigs[]` 
@@ -369,7 +371,7 @@ It requires Alertmanager >= 0.28.0. | `slackConfigs` | `array` -| List of Slack configurations. +| slackConfigs defines the list of Slack configurations. | `slackConfigs[]` | `object` @@ -378,7 +380,7 @@ See https://prometheus.io/docs/alerting/latest/configuration/#slack_config | `snsConfigs` | `array` -| List of SNS configurations +| snsConfigs defines the list of SNS configurations | `snsConfigs[]` | `object` @@ -387,7 +389,7 @@ See https://prometheus.io/docs/alerting/latest/configuration/#sns_configs | `telegramConfigs` | `array` -| List of Telegram configurations. +| telegramConfigs defines the list of Telegram configurations. | `telegramConfigs[]` | `object` @@ -396,7 +398,7 @@ See https://prometheus.io/docs/alerting/latest/configuration/#telegram_config | `victoropsConfigs` | `array` -| List of VictorOps configurations. +| victoropsConfigs defines the list of VictorOps configurations. | `victoropsConfigs[]` | `object` @@ -405,7 +407,7 @@ See https://prometheus.io/docs/alerting/latest/configuration/#victorops_config | `webexConfigs` | `array` -| List of Webex configurations. +| webexConfigs defines the list of Webex configurations. | `webexConfigs[]` | `object` @@ -414,7 +416,7 @@ See https://prometheus.io/docs/alerting/latest/configuration/#webex_config | `webhookConfigs` | `array` -| List of webhook configurations. +| webhookConfigs defines the List of webhook configurations. | `webhookConfigs[]` | `object` @@ -423,7 +425,7 @@ See https://prometheus.io/docs/alerting/latest/configuration/#webhook_config | `wechatConfigs` | `array` -| List of WeChat configurations. +| wechatConfigs defines the list of WeChat configurations. | `wechatConfigs[]` | `object` @@ -435,7 +437,7 @@ See https://prometheus.io/docs/alerting/latest/configuration/#wechat_config Description:: + -- -List of Slack configurations. +discordConfigs defines the list of Slack configurations. -- Type:: 
@@ -466,44 +468,44 @@ Required:: | `apiURL` | `object` -| The secret's key that contains the Discord webhook URL. +| apiURL defines the secret's key that contains the Discord webhook URL. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. | `avatarURL` | `string` -| The avatar url of the message sender. +| avatarURL defines the avatar url of the message sender. | `content` | `string` -| The template of the content's body. +| content defines the template of the content's body. | `httpConfig` | `object` -| HTTP client configuration. +| httpConfig defines HTTP client configuration. | `message` | `string` -| The template of the message's body. +| message defines the template of the message's body. | `sendResolved` | `boolean` -| Whether or not to notify about resolved alerts. +| sendResolved defines whether or not to notify about resolved alerts. | `title` | `string` -| The template of the message's title. +| title defines the template of the message's title. | `username` | `string` -| The username of the message sender. +| username defines the username of the message sender. |=== === .spec.receivers[].discordConfigs[].apiURL Description:: + -- -The secret's key that contains the Discord webhook URL. +apiURL defines the secret's key that contains the Discord webhook URL. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. -- @@ -541,7 +543,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -HTTP client configuration. +httpConfig defines HTTP client configuration. -- Type:: 
@@ -556,28 +558,33 @@ Type:: | `authorization` | `object` -| Authorization header configuration for the client. +| authorization defines the authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. | `basicAuth` | `object` -| BasicAuth for the client. +| basicAuth defines the basic authentication credentials for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. | `bearerTokenSecret` | `object` -| The secret's key that contains the bearer token to be used by the client +| bearerTokenSecret defines the secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +| `enableHttp2` +| `boolean` +| enableHttp2 can be used to disable HTTP2. + | `followRedirects` | `boolean` -| FollowRedirects specifies whether the client should follow HTTP 3xx redirects. +| followRedirects defines whether HTTP requests follow HTTP 3xx redirects. +When true, the client will automatically follow redirect responses. | `noProxy` | `string` -| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names +| noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. 
@@ -585,11 +592,12 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `oauth2` | `object` -| OAuth2 client credentials used to fetch a token for the targets. +| oauth2 defines the OAuth2 client credentials used to fetch a token for the targets. +This enables OAuth2 authentication flow for HTTP requests. | `proxyConnectHeader` | `object` -| ProxyConnectHeader optionally specifies headers to send to +| proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -604,30 +612,30 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyFromEnvironment` | `boolean` -| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). +| proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyURL` | `string` -| Optional proxy URL. - +| proxyURL defines an optional proxy URL for HTTP requests. If defined, this field takes precedence over `proxyUrl`. | `proxyUrl` | `string` -| `proxyURL` defines the HTTP proxy server to use. +| proxyUrl defines the HTTP proxy server to use. | `tlsConfig` | `object` -| TLS configuration for the client. +| tlsConfig defines the TLS configuration for the client. +This includes settings for certificates, CA validation, and TLS protocol options. |=== === .spec.receivers[].discordConfigs[].httpConfig.authorization Description:: + -- -Authorization header configuration for the client. +authorization defines the authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. -- 
@@ -643,11 +651,11 @@ Type:: | `credentials` | `object` -| Selects a key of a Secret in the namespace that contains the credentials for authentication. +| credentials defines a key of a Secret in the namespace that contains the credentials for authentication. | `type` | `string` -| Defines the authentication type. The value is case-insensitive. +| type defines the authentication type. The value is case-insensitive. "Basic" is not a supported value. @@ -658,7 +666,7 @@ Default: "Bearer" Description:: + -- -Selects a key of a Secret in the namespace that contains the credentials for authentication. +credentials defines a key of a Secret in the namespace that contains the credentials for authentication. -- Type:: @@ -694,7 +702,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -BasicAuth for the client. +basicAuth defines the basic authentication credentials for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. -- @@ -710,12 +718,12 @@ Type:: | `password` | `object` -| `password` specifies a key of a Secret containing the password for +| password defines a key of a Secret containing the password for authentication. | `username` | `object` -| `username` specifies a key of a Secret containing the username for +| username defines a key of a Secret containing the username for authentication. |=== @@ -723,7 +731,7 @@ authentication. Description:: + -- -`password` specifies a key of a Secret containing the password for +password defines a key of a Secret containing the password for authentication. -- @@ -760,7 +768,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`username` specifies a key of a Secret containing the username for +username defines a key of a Secret containing the username for authentication. -- 
@@ -797,7 +805,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -The secret's key that contains the bearer token to be used by the client +bearerTokenSecret defines the secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. @@ -818,18 +826,19 @@ Required:: | `key` | `string` -| The key of the secret to select from. Must be a valid secret key. +| key defines the key of the secret to select from. Must be a valid secret key. | `name` | `string` -| The name of the secret in the object's namespace to select from. +| name defines the name of the secret in the object's namespace to select from. |=== === .spec.receivers[].discordConfigs[].httpConfig.oauth2 Description:: + -- -OAuth2 client credentials used to fetch a token for the targets. +oauth2 defines the OAuth2 client credentials used to fetch a token for the targets. +This enables OAuth2 authentication flow for HTTP requests. -- Type:: @@ -848,22 +857,22 @@ Required:: | `clientId` | `object` -| `clientId` specifies a key of a Secret or ConfigMap containing the +| clientId defines a key of a Secret or ConfigMap containing the OAuth2 client's ID. | `clientSecret` | `object` -| `clientSecret` specifies a key of a Secret containing the OAuth2 +| clientSecret defines a key of a Secret containing the OAuth2 client's secret. | `endpointParams` | `object (string)` -| `endpointParams` configures the HTTP parameters to append to the token +| endpointParams configures the HTTP parameters to append to the token URL. | `noProxy` | `string` -| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names +| noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. 
@@ -871,7 +880,7 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyConnectHeader` | `object` -| ProxyConnectHeader optionally specifies headers to send to +| proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -886,33 +895,33 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyFromEnvironment` | `boolean` -| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). +| proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyUrl` | `string` -| `proxyURL` defines the HTTP proxy server to use. +| proxyUrl defines the HTTP proxy server to use. | `scopes` | `array (string)` -| `scopes` defines the OAuth2 scopes used for the token request. +| scopes defines the OAuth2 scopes used for the token request. | `tlsConfig` | `object` -| TLS configuration to use when connecting to the OAuth2 server. +| tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. It requires Prometheus >= v2.43.0. | `tokenUrl` | `string` -| `tokenURL` configures the URL to fetch the token from. +| tokenUrl defines the URL to fetch the token from. |=== === .spec.receivers[].discordConfigs[].httpConfig.oauth2.clientId Description:: + -- -`clientId` specifies a key of a Secret or ConfigMap containing the +clientId defines a key of a Secret or ConfigMap containing the OAuth2 client's ID. -- 
@@ -928,18 +937,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].discordConfigs[].httpConfig.oauth2.clientId.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -975,7 +984,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -1011,7 +1020,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`clientSecret` specifies a key of a Secret containing the OAuth2 +clientSecret defines a key of a Secret containing the OAuth2 client's secret. -- @@ -1048,7 +1057,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -ProxyConnectHeader optionally specifies headers to send to +proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -1113,7 +1122,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -TLS configuration to use when connecting to the OAuth2 server. +tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. It requires Prometheus >= v2.43.0. -- 
@@ -1129,42 +1138,42 @@ Type:: | `ca` | `object` -| Certificate authority used when verifying server certificates. +| ca defines the Certificate authority used when verifying server certificates. | `cert` | `object` -| Client certificate to present when doing client-authentication. +| cert defines the Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` -| Disable target certificate validation. +| insecureSkipVerify defines how to disable target certificate validation. | `keySecret` | `object` -| Secret containing the client key file for the targets. +| keySecret defines the Secret containing the client key file for the targets. | `maxVersion` | `string` -| Maximum acceptable TLS version. +| maxVersion defines the maximum acceptable TLS version. It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. | `minVersion` | `string` -| Minimum acceptable TLS version. +| minVersion defines the minimum acceptable TLS version. It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. | `serverName` | `string` -| Used to verify the hostname for the targets. +| serverName is used to verify the hostname for the targets. |=== === .spec.receivers[].discordConfigs[].httpConfig.oauth2.tlsConfig.ca Description:: + -- -Certificate authority used when verifying server certificates. +ca defines the Certificate authority used when verifying server certificates. -- Type:: @@ -1179,18 +1188,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].discordConfigs[].httpConfig.oauth2.tlsConfig.ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: 
@@ -1226,7 +1235,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -1262,7 +1271,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Client certificate to present when doing client-authentication. +cert defines the Client certificate to present when doing client-authentication. -- Type:: @@ -1277,18 +1286,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].discordConfigs[].httpConfig.oauth2.tlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -1324,7 +1333,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -1360,7 +1369,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the client key file for the targets. +keySecret defines the Secret containing the client key file for the targets. -- Type:: @@ -1396,7 +1405,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -ProxyConnectHeader optionally specifies headers to send to +proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. 
@@ -1461,7 +1470,8 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -TLS configuration for the client. +tlsConfig defines the TLS configuration for the client. +This includes settings for certificates, CA validation, and TLS protocol options. -- Type:: @@ -1476,42 +1486,42 @@ Type:: | `ca` | `object` -| Certificate authority used when verifying server certificates. +| ca defines the Certificate authority used when verifying server certificates. | `cert` | `object` -| Client certificate to present when doing client-authentication. +| cert defines the Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` -| Disable target certificate validation. +| insecureSkipVerify defines how to disable target certificate validation. | `keySecret` | `object` -| Secret containing the client key file for the targets. +| keySecret defines the Secret containing the client key file for the targets. | `maxVersion` | `string` -| Maximum acceptable TLS version. +| maxVersion defines the maximum acceptable TLS version. It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. | `minVersion` | `string` -| Minimum acceptable TLS version. +| minVersion defines the minimum acceptable TLS version. It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. | `serverName` | `string` -| Used to verify the hostname for the targets. +| serverName is used to verify the hostname for the targets. |=== === .spec.receivers[].discordConfigs[].httpConfig.tlsConfig.ca Description:: + -- -Certificate authority used when verifying server certificates. +ca defines the Certificate authority used when verifying server certificates. -- Type:: 
@@ -1526,18 +1536,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].discordConfigs[].httpConfig.tlsConfig.ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -1573,7 +1583,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -1609,7 +1619,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Client certificate to present when doing client-authentication. +cert defines the Client certificate to present when doing client-authentication. -- Type:: @@ -1624,18 +1634,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].discordConfigs[].httpConfig.tlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -1671,7 +1681,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: 
@@ -1707,7 +1717,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the client key file for the targets. +keySecret defines the Secret containing the client key file for the targets. -- Type:: @@ -1743,7 +1753,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -List of Email configurations. +emailConfigs defines the list of Email configurations. -- Type:: 
@@ -1771,32 +1781,36 @@ Type:: | `authIdentity` | `string` -| The identity to use for authentication. +| authIdentity defines the identity to use for SMTP authentication. +This is typically used with PLAIN authentication mechanism. | `authPassword` | `object` -| The secret's key that contains the password to use for authentication. +| authPassword defines the secret's key that contains the password to use for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. | `authSecret` | `object` -| The secret's key that contains the CRAM-MD5 secret. +| authSecret defines the secret's key that contains the CRAM-MD5 secret. +This is used for CRAM-MD5 authentication mechanism. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. | `authUsername` | `string` -| The username to use for authentication. +| authUsername defines the username to use for SMTP authentication. +This is used for SMTP AUTH when the server requires authentication. | `from` | `string` -| The sender address. +| from defines the sender address for email notifications. +This appears as the "From" field in the email header. | `headers` | `array` -| Further headers email header key/value pairs. Overrides any headers -previously set by the notification implementation. +| headers defines additional email header key/value pairs. +These override any headers previously set by the notification implementation. | `headers[]` | `object` 
@@ -1804,43 +1818,49 @@ previously set by the notification implementation. | `hello` | `string` -| The hostname to identify to the SMTP server. +| hello defines the hostname to identify to the SMTP server. +This is used in the SMTP HELO/EHLO command during the connection handshake. | `html` | `string` -| The HTML body of the email notification. +| html defines the HTML body of the email notification. +This allows for rich formatting in the email content. | `requireTLS` | `boolean` -| The SMTP TLS requirement. +| requireTLS defines the SMTP TLS requirement. Note that Go does not support unencrypted connections to remote SMTP endpoints. | `sendResolved` | `boolean` -| Whether or not to notify about resolved alerts. +| sendResolved defines whether or not to notify about resolved alerts. | `smarthost` | `string` -| The SMTP host and port through which emails are sent. E.g. example.com:25 +| smarthost defines the SMTP host and port through which emails are sent. +Format should be "hostname:port", e.g. "smtp.example.com:587". | `text` | `string` -| The text body of the email notification. +| text defines the plain text body of the email notification. +This provides a fallback for email clients that don't support HTML. | `tlsConfig` | `object` -| TLS configuration +| tlsConfig defines the TLS configuration for SMTP connections. +This includes settings for certificates, CA validation, and TLS protocol options. | `to` | `string` -| The email address to send notifications to. +| to defines the email address to send notifications to. +This is the recipient address for alert notifications. |=== === .spec.receivers[].emailConfigs[].authPassword Description:: + -- -The secret's key that contains the password to use for authentication. +authPassword defines the secret's key that contains the password to use for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. -- 
@@ -1860,18 +1880,19 @@ Required:: | `key` | `string` -| The key of the secret to select from. Must be a valid secret key. +| key defines the key of the secret to select from. Must be a valid secret key. | `name` | `string` -| The name of the secret in the object's namespace to select from. +| name defines the name of the secret in the object's namespace to select from. |=== === .spec.receivers[].emailConfigs[].authSecret Description:: + -- -The secret's key that contains the CRAM-MD5 secret. +authSecret defines the secret's key that contains the CRAM-MD5 secret. +This is used for CRAM-MD5 authentication mechanism. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. -- @@ -1891,19 +1912,19 @@ Required:: | `key` | `string` -| The key of the secret to select from. Must be a valid secret key. +| key defines the key of the secret to select from. Must be a valid secret key. | `name` | `string` -| The name of the secret in the object's namespace to select from. +| name defines the name of the secret in the object's namespace to select from. |=== === .spec.receivers[].emailConfigs[].headers Description:: + -- -Further headers email header key/value pairs. Overrides any headers -previously set by the notification implementation. +headers defines additional email header key/value pairs. +These override any headers previously set by the notification implementation. -- Type:: 
@@ -1934,18 +1955,21 @@ Required:: | `key` | `string` -| Key of the tuple. +| key defines the key of the tuple. +This is the identifier or name part of the key-value pair. | `value` | `string` -| Value of the tuple. +| value defines the value of the tuple. +This is the data or content associated with the key. |=== === .spec.receivers[].emailConfigs[].tlsConfig Description:: + -- -TLS configuration +tlsConfig defines the TLS configuration for SMTP connections. +This includes settings for certificates, CA validation, and TLS protocol options. -- Type:: @@ -1960,42 +1984,42 @@ Type:: | `ca` | `object` -| Certificate authority used when verifying server certificates. +| ca defines the Certificate authority used when verifying server certificates. | `cert` | `object` -| Client certificate to present when doing client-authentication. +| cert defines the Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` -| Disable target certificate validation. +| insecureSkipVerify defines how to disable target certificate validation. | `keySecret` | `object` -| Secret containing the client key file for the targets. +| keySecret defines the Secret containing the client key file for the targets. | `maxVersion` | `string` -| Maximum acceptable TLS version. +| maxVersion defines the maximum acceptable TLS version. It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. | `minVersion` | `string` -| Minimum acceptable TLS version. +| minVersion defines the minimum acceptable TLS version. It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. | `serverName` | `string` -| Used to verify the hostname for the targets. +| serverName is used to verify the hostname for the targets. |=== === .spec.receivers[].emailConfigs[].tlsConfig.ca Description:: + -- -Certificate authority used when verifying server certificates. +ca defines the Certificate authority used when verifying server certificates. -- Type:: 
@@ -2010,18 +2034,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].emailConfigs[].tlsConfig.ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -2057,7 +2081,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -2093,7 +2117,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Client certificate to present when doing client-authentication. +cert defines the Client certificate to present when doing client-authentication. -- Type:: @@ -2108,18 +2132,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].emailConfigs[].tlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -2155,7 +2179,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: 
@@ -2191,7 +2215,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the client key file for the targets. +keySecret defines the Secret containing the client key file for the targets. -- Type:: @@ -2227,7 +2251,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -List of MSTeams configurations. +msteamsConfigs defines the list of MSTeams configurations. It requires Alertmanager >= 0.26.0. -- @@ -2259,35 +2283,39 @@ Required:: | `httpConfig` | `object` -| HTTP client configuration. +| httpConfig defines the HTTP client configuration for Teams webhook requests. | `sendResolved` | `boolean` -| Whether to notify about resolved alerts. +| sendResolved defines whether or not to notify about resolved alerts. | `summary` | `string` -| Message summary template. +| summary defines the message summary template for Teams notifications. +This provides a brief overview that appears in Teams notification previews. It requires Alertmanager >= 0.27.0. | `text` | `string` -| Message body template. +| text defines the message body template for Teams notifications. +This contains the detailed content of the Teams message. | `title` | `string` -| Message title template. +| title defines the message title template for Teams notifications. +This appears as the main heading of the Teams message card. | `webhookUrl` | `object` -| MSTeams webhook URL. +| webhookUrl defines the MSTeams webhook URL for sending notifications. +This is the incoming webhook URL configured in your Teams channel. |=== === .spec.receivers[].msteamsConfigs[].httpConfig Description:: + -- -HTTP client configuration. +httpConfig defines the HTTP client configuration for Teams webhook requests. -- Type:: 
@@ -2302,28 +2330,33 @@ Type:: | `authorization` | `object` -| Authorization header configuration for the client. +| authorization defines the authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. | `basicAuth` | `object` -| BasicAuth for the client. +| basicAuth defines the basic authentication credentials for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. | `bearerTokenSecret` | `object` -| The secret's key that contains the bearer token to be used by the client +| bearerTokenSecret defines the secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +| `enableHttp2` +| `boolean` +| enableHttp2 can be used to disable HTTP2. + | `followRedirects` | `boolean` -| FollowRedirects specifies whether the client should follow HTTP 3xx redirects. +| followRedirects defines whether HTTP requests follow HTTP 3xx redirects. +When true, the client will automatically follow redirect responses. | `noProxy` | `string` -| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names +| noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. 
@@ -2331,11 +2364,12 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `oauth2` | `object` -| OAuth2 client credentials used to fetch a token for the targets. +| oauth2 defines the OAuth2 client credentials used to fetch a token for the targets. +This enables OAuth2 authentication flow for HTTP requests. | `proxyConnectHeader` | `object` -| ProxyConnectHeader optionally specifies headers to send to +| proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -2350,30 +2384,30 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyFromEnvironment` | `boolean` -| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). +| proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyURL` | `string` -| Optional proxy URL. - +| proxyURL defines an optional proxy URL for HTTP requests. If defined, this field takes precedence over `proxyUrl`. | `proxyUrl` | `string` -| `proxyURL` defines the HTTP proxy server to use. +| proxyUrl defines the HTTP proxy server to use. | `tlsConfig` | `object` -| TLS configuration for the client. +| tlsConfig defines the TLS configuration for the client. +This includes settings for certificates, CA validation, and TLS protocol options. |=== === .spec.receivers[].msteamsConfigs[].httpConfig.authorization Description:: + -- -Authorization header configuration for the client. +authorization defines the authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. -- 
@@ -2389,11 +2423,11 @@ Type:: | `credentials` | `object` -| Selects a key of a Secret in the namespace that contains the credentials for authentication. +| credentials defines a key of a Secret in the namespace that contains the credentials for authentication. | `type` | `string` -| Defines the authentication type. The value is case-insensitive. +| type defines the authentication type. The value is case-insensitive. "Basic" is not a supported value. @@ -2404,7 +2438,7 @@ Default: "Bearer" Description:: + -- -Selects a key of a Secret in the namespace that contains the credentials for authentication. +credentials defines a key of a Secret in the namespace that contains the credentials for authentication. -- Type:: @@ -2440,7 +2474,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -BasicAuth for the client. +basicAuth defines the basic authentication credentials for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. -- @@ -2456,12 +2490,12 @@ Type:: | `password` | `object` -| `password` specifies a key of a Secret containing the password for +| password defines a key of a Secret containing the password for authentication. | `username` | `object` -| `username` specifies a key of a Secret containing the username for +| username defines a key of a Secret containing the username for authentication. |=== @@ -2469,7 +2503,7 @@ authentication. Description:: + -- -`password` specifies a key of a Secret containing the password for +password defines a key of a Secret containing the password for authentication. -- @@ -2506,7 +2540,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`username` specifies a key of a Secret containing the username for +username defines a key of a Secret containing the username for authentication. -- 
@@ -2543,7 +2577,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -The secret's key that contains the bearer token to be used by the client +bearerTokenSecret defines the secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. @@ -2564,18 +2598,19 @@ Required:: | `key` | `string` -| The key of the secret to select from. Must be a valid secret key. +| key defines the key of the secret to select from. Must be a valid secret key. | `name` | `string` -| The name of the secret in the object's namespace to select from. +| name defines the name of the secret in the object's namespace to select from. |=== === .spec.receivers[].msteamsConfigs[].httpConfig.oauth2 Description:: + -- -OAuth2 client credentials used to fetch a token for the targets. +oauth2 defines the OAuth2 client credentials used to fetch a token for the targets. +This enables OAuth2 authentication flow for HTTP requests. -- Type:: @@ -2594,22 +2629,22 @@ Required:: | `clientId` | `object` -| `clientId` specifies a key of a Secret or ConfigMap containing the +| clientId defines a key of a Secret or ConfigMap containing the OAuth2 client's ID. | `clientSecret` | `object` -| `clientSecret` specifies a key of a Secret containing the OAuth2 +| clientSecret defines a key of a Secret containing the OAuth2 client's secret. | `endpointParams` | `object (string)` -| `endpointParams` configures the HTTP parameters to append to the token +| endpointParams configures the HTTP parameters to append to the token URL. | `noProxy` | `string` -| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names +| noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. 
@@ -2617,7 +2652,7 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyConnectHeader` | `object` -| ProxyConnectHeader optionally specifies headers to send to +| proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -2632,33 +2667,33 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyFromEnvironment` | `boolean` -| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). +| proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyUrl` | `string` -| `proxyURL` defines the HTTP proxy server to use. +| proxyUrl defines the HTTP proxy server to use. | `scopes` | `array (string)` -| `scopes` defines the OAuth2 scopes used for the token request. +| scopes defines the OAuth2 scopes used for the token request. | `tlsConfig` | `object` -| TLS configuration to use when connecting to the OAuth2 server. +| tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. It requires Prometheus >= v2.43.0. | `tokenUrl` | `string` -| `tokenURL` configures the URL to fetch the token from. +| tokenUrl defines the URL to fetch the token from. |=== === .spec.receivers[].msteamsConfigs[].httpConfig.oauth2.clientId Description:: + -- -`clientId` specifies a key of a Secret or ConfigMap containing the +clientId defines a key of a Secret or ConfigMap containing the OAuth2 client's ID. -- 
@@ -2674,18 +2709,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].msteamsConfigs[].httpConfig.oauth2.clientId.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -2721,7 +2756,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -2757,7 +2792,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`clientSecret` specifies a key of a Secret containing the OAuth2 +clientSecret defines a key of a Secret containing the OAuth2 client's secret. -- @@ -2794,7 +2829,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -ProxyConnectHeader optionally specifies headers to send to +proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -2859,7 +2894,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -TLS configuration to use when connecting to the OAuth2 server. +tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. It requires Prometheus >= v2.43.0. -- 
@@ -2875,42 +2910,42 @@ Type:: | `ca` | `object` -| Certificate authority used when verifying server certificates. +| ca defines the Certificate authority used when verifying server certificates. | `cert` | `object` -| Client certificate to present when doing client-authentication. +| cert defines the Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` -| Disable target certificate validation. +| insecureSkipVerify defines how to disable target certificate validation. | `keySecret` | `object` -| Secret containing the client key file for the targets. +| keySecret defines the Secret containing the client key file for the targets. | `maxVersion` | `string` -| Maximum acceptable TLS version. +| maxVersion defines the maximum acceptable TLS version. It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. | `minVersion` | `string` -| Minimum acceptable TLS version. +| minVersion defines the minimum acceptable TLS version. It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. | `serverName` | `string` -| Used to verify the hostname for the targets. +| serverName is used to verify the hostname for the targets. |=== === .spec.receivers[].msteamsConfigs[].httpConfig.oauth2.tlsConfig.ca Description:: + -- -Certificate authority used when verifying server certificates. +ca defines the Certificate authority used when verifying server certificates. -- Type:: @@ -2925,18 +2960,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].msteamsConfigs[].httpConfig.oauth2.tlsConfig.ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: 
@@ -2972,7 +3007,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -3008,7 +3043,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Client certificate to present when doing client-authentication. +cert defines the Client certificate to present when doing client-authentication. -- Type:: @@ -3023,18 +3058,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].msteamsConfigs[].httpConfig.oauth2.tlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -3070,7 +3105,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -3106,7 +3141,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the client key file for the targets. +keySecret defines the Secret containing the client key file for the targets. -- Type:: @@ -3142,7 +3177,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -ProxyConnectHeader optionally specifies headers to send to +proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. 
@@ -3207,7 +3242,8 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -TLS configuration for the client. +tlsConfig defines the TLS configuration for the client. +This includes settings for certificates, CA validation, and TLS protocol options. -- Type:: @@ -3222,42 +3258,42 @@ Type:: | `ca` | `object` -| Certificate authority used when verifying server certificates. +| ca defines the Certificate authority used when verifying server certificates. | `cert` | `object` -| Client certificate to present when doing client-authentication. +| cert defines the Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` -| Disable target certificate validation. +| insecureSkipVerify defines how to disable target certificate validation. | `keySecret` | `object` -| Secret containing the client key file for the targets. +| keySecret defines the Secret containing the client key file for the targets. | `maxVersion` | `string` -| Maximum acceptable TLS version. +| maxVersion defines the maximum acceptable TLS version. It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. | `minVersion` | `string` -| Minimum acceptable TLS version. +| minVersion defines the minimum acceptable TLS version. It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. | `serverName` | `string` -| Used to verify the hostname for the targets. +| serverName is used to verify the hostname for the targets. |=== === .spec.receivers[].msteamsConfigs[].httpConfig.tlsConfig.ca Description:: + -- -Certificate authority used when verifying server certificates. +ca defines the Certificate authority used when verifying server certificates. -- Type:: 
@@ -3272,18 +3308,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].msteamsConfigs[].httpConfig.tlsConfig.ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -3319,7 +3355,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -3355,7 +3391,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Client certificate to present when doing client-authentication. +cert defines the Client certificate to present when doing client-authentication. -- Type:: @@ -3370,18 +3406,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].msteamsConfigs[].httpConfig.tlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -3417,7 +3453,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: 
@@ -3453,7 +3489,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the client key file for the targets. +keySecret defines the Secret containing the client key file for the targets. -- Type:: @@ -3489,7 +3525,8 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -MSTeams webhook URL. +webhookUrl defines the MSTeams webhook URL for sending notifications. +This is the incoming webhook URL configured in your Teams channel. -- Type:: @@ -3525,7 +3562,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -List of MSTeamsV2 configurations. +msteamsv2Configs defines the list of MSTeamsV2 configurations. It requires Alertmanager >= 0.28.0. -- @@ -3539,7 +3576,7 @@ Type:: Description:: + -- -MSTeamsV2Config configures notifications via Microsoft Teams using the new message format with adaptive cards as required by flows +MSTeamsV2Config configures notifications via Microsoft Teams using the new message format with adaptive cards as required by flows. See https://prometheus.io/docs/alerting/latest/configuration/#msteamsv2_config It requires Alertmanager >= 0.28.0. -- 
@@ -3556,30 +3593,33 @@ Type:: | `httpConfig` | `object` -| HTTP client configuration. +| httpConfig defines the HTTP client configuration for Teams webhook requests. | `sendResolved` | `boolean` -| Whether to notify about resolved alerts. +| sendResolved defines whether or not to notify about resolved alerts. | `text` | `string` -| Message body template. +| text defines the message body template for adaptive card notifications. +This contains the detailed content displayed in the Teams adaptive card format. | `title` | `string` -| Message title template. +| title defines the message title template for adaptive card notifications. +This appears as the main heading in the Teams adaptive card. | `webhookURL` | `object` -| MSTeams incoming webhook URL. +| webhookURL defines the MSTeams incoming webhook URL for adaptive card notifications. +This webhook must support the newer adaptive cards format required by Teams flows. |=== === .spec.receivers[].msteamsv2Configs[].httpConfig Description:: + -- -HTTP client configuration. +httpConfig defines the HTTP client configuration for Teams webhook requests. -- Type:: 
@@ -3594,28 +3634,33 @@ Type:: | `authorization` | `object` -| Authorization header configuration for the client. +| authorization defines the authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. | `basicAuth` | `object` -| BasicAuth for the client. +| basicAuth defines the basic authentication credentials for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. | `bearerTokenSecret` | `object` -| The secret's key that contains the bearer token to be used by the client +| bearerTokenSecret defines the secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +| `enableHttp2` +| `boolean` +| enableHttp2 can be used to disable HTTP2. + | `followRedirects` | `boolean` -| FollowRedirects specifies whether the client should follow HTTP 3xx redirects. +| followRedirects defines whether HTTP requests follow HTTP 3xx redirects. +When true, the client will automatically follow redirect responses. | `noProxy` | `string` -| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names +| noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. 
@@ -3623,11 +3668,12 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `oauth2` | `object` -| OAuth2 client credentials used to fetch a token for the targets. +| oauth2 defines the OAuth2 client credentials used to fetch a token for the targets. +This enables OAuth2 authentication flow for HTTP requests. | `proxyConnectHeader` | `object` -| ProxyConnectHeader optionally specifies headers to send to +| proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -3642,30 +3688,30 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyFromEnvironment` | `boolean` -| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). +| proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyURL` | `string` -| Optional proxy URL. - +| proxyURL defines an optional proxy URL for HTTP requests. If defined, this field takes precedence over `proxyUrl`. | `proxyUrl` | `string` -| `proxyURL` defines the HTTP proxy server to use. +| proxyUrl defines the HTTP proxy server to use. | `tlsConfig` | `object` -| TLS configuration for the client. +| tlsConfig defines the TLS configuration for the client. +This includes settings for certificates, CA validation, and TLS protocol options. |=== === .spec.receivers[].msteamsv2Configs[].httpConfig.authorization Description:: + -- -Authorization header configuration for the client. +authorization defines the authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. -- 
@@ -3681,11 +3727,11 @@ Type:: | `credentials` | `object` -| Selects a key of a Secret in the namespace that contains the credentials for authentication. +| credentials defines a key of a Secret in the namespace that contains the credentials for authentication. | `type` | `string` -| Defines the authentication type. The value is case-insensitive. +| type defines the authentication type. The value is case-insensitive. "Basic" is not a supported value. @@ -3696,7 +3742,7 @@ Default: "Bearer" Description:: + -- -Selects a key of a Secret in the namespace that contains the credentials for authentication. +credentials defines a key of a Secret in the namespace that contains the credentials for authentication. -- Type:: @@ -3732,7 +3778,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -BasicAuth for the client. +basicAuth defines the basic authentication credentials for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. -- @@ -3748,12 +3794,12 @@ Type:: | `password` | `object` -| `password` specifies a key of a Secret containing the password for +| password defines a key of a Secret containing the password for authentication. | `username` | `object` -| `username` specifies a key of a Secret containing the username for +| username defines a key of a Secret containing the username for authentication. |=== @@ -3761,7 +3807,7 @@ authentication. Description:: + -- -`password` specifies a key of a Secret containing the password for +password defines a key of a Secret containing the password for authentication. -- @@ -3798,7 +3844,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`username` specifies a key of a Secret containing the username for +username defines a key of a Secret containing the username for authentication. -- 
@@ -3835,7 +3881,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -The secret's key that contains the bearer token to be used by the client +bearerTokenSecret defines the secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. @@ -3856,18 +3902,19 @@ Required:: | `key` | `string` -| The key of the secret to select from. Must be a valid secret key. +| key defines the key of the secret to select from. Must be a valid secret key. | `name` | `string` -| The name of the secret in the object's namespace to select from. +| name defines the name of the secret in the object's namespace to select from. |=== === .spec.receivers[].msteamsv2Configs[].httpConfig.oauth2 Description:: + -- -OAuth2 client credentials used to fetch a token for the targets. +oauth2 defines the OAuth2 client credentials used to fetch a token for the targets. +This enables OAuth2 authentication flow for HTTP requests. -- Type:: @@ -3886,22 +3933,22 @@ Required:: | `clientId` | `object` -| `clientId` specifies a key of a Secret or ConfigMap containing the +| clientId defines a key of a Secret or ConfigMap containing the OAuth2 client's ID. | `clientSecret` | `object` -| `clientSecret` specifies a key of a Secret containing the OAuth2 +| clientSecret defines a key of a Secret containing the OAuth2 client's secret. | `endpointParams` | `object (string)` -| `endpointParams` configures the HTTP parameters to append to the token +| endpointParams configures the HTTP parameters to append to the token URL. | `noProxy` | `string` -| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names +| noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. 
@@ -3909,7 +3956,7 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyConnectHeader` | `object` -| ProxyConnectHeader optionally specifies headers to send to +| proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -3924,33 +3971,33 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyFromEnvironment` | `boolean` -| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). +| proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyUrl` | `string` -| `proxyURL` defines the HTTP proxy server to use. +| proxyUrl defines the HTTP proxy server to use. | `scopes` | `array (string)` -| `scopes` defines the OAuth2 scopes used for the token request. +| scopes defines the OAuth2 scopes used for the token request. | `tlsConfig` | `object` -| TLS configuration to use when connecting to the OAuth2 server. +| tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. It requires Prometheus >= v2.43.0. | `tokenUrl` | `string` -| `tokenURL` configures the URL to fetch the token from. +| tokenUrl defines the URL to fetch the token from. |=== === .spec.receivers[].msteamsv2Configs[].httpConfig.oauth2.clientId Description:: + -- -`clientId` specifies a key of a Secret or ConfigMap containing the +clientId defines a key of a Secret or ConfigMap containing the OAuth2 client's ID. -- 
@@ -3966,18 +4013,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].msteamsv2Configs[].httpConfig.oauth2.clientId.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -4013,7 +4060,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -4049,7 +4096,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`clientSecret` specifies a key of a Secret containing the OAuth2 +clientSecret defines a key of a Secret containing the OAuth2 client's secret. -- @@ -4086,7 +4133,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -ProxyConnectHeader optionally specifies headers to send to +proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -4151,7 +4198,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -TLS configuration to use when connecting to the OAuth2 server. +tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. It requires Prometheus >= v2.43.0. -- 
@@ -4167,42 +4214,42 @@ Type:: | `ca` | `object` -| Certificate authority used when verifying server certificates. +| ca defines the Certificate authority used when verifying server certificates. | `cert` | `object` -| Client certificate to present when doing client-authentication. +| cert defines the Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` -| Disable target certificate validation. +| insecureSkipVerify defines how to disable target certificate validation. | `keySecret` | `object` -| Secret containing the client key file for the targets. +| keySecret defines the Secret containing the client key file for the targets. | `maxVersion` | `string` -| Maximum acceptable TLS version. +| maxVersion defines the maximum acceptable TLS version. It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. | `minVersion` | `string` -| Minimum acceptable TLS version. +| minVersion defines the minimum acceptable TLS version. It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. | `serverName` | `string` -| Used to verify the hostname for the targets. +| serverName is used to verify the hostname for the targets. |=== === .spec.receivers[].msteamsv2Configs[].httpConfig.oauth2.tlsConfig.ca Description:: + -- -Certificate authority used when verifying server certificates. +ca defines the Certificate authority used when verifying server certificates. -- Type:: @@ -4217,18 +4264,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].msteamsv2Configs[].httpConfig.oauth2.tlsConfig.ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: 
@@ -4264,7 +4311,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -4300,7 +4347,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Client certificate to present when doing client-authentication. +cert defines the Client certificate to present when doing client-authentication. -- Type:: @@ -4315,18 +4362,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].msteamsv2Configs[].httpConfig.oauth2.tlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -4362,7 +4409,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -4398,7 +4445,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the client key file for the targets. +keySecret defines the Secret containing the client key file for the targets. -- Type:: @@ -4434,7 +4481,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -ProxyConnectHeader optionally specifies headers to send to +proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. 
@@ -4499,7 +4546,8 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -TLS configuration for the client. +tlsConfig defines the TLS configuration for the client. +This includes settings for certificates, CA validation, and TLS protocol options. -- Type:: @@ -4514,42 +4562,42 @@ Type:: | `ca` | `object` -| Certificate authority used when verifying server certificates. +| ca defines the Certificate authority used when verifying server certificates. | `cert` | `object` -| Client certificate to present when doing client-authentication. +| cert defines the Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` -| Disable target certificate validation. +| insecureSkipVerify defines how to disable target certificate validation. | `keySecret` | `object` -| Secret containing the client key file for the targets. +| keySecret defines the Secret containing the client key file for the targets. | `maxVersion` | `string` -| Maximum acceptable TLS version. +| maxVersion defines the maximum acceptable TLS version. It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. | `minVersion` | `string` -| Minimum acceptable TLS version. +| minVersion defines the minimum acceptable TLS version. It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. | `serverName` | `string` -| Used to verify the hostname for the targets. +| serverName is used to verify the hostname for the targets. |=== === .spec.receivers[].msteamsv2Configs[].httpConfig.tlsConfig.ca Description:: + -- -Certificate authority used when verifying server certificates. +ca defines the Certificate authority used when verifying server certificates. -- Type:: 
@@ -4564,18 +4612,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].msteamsv2Configs[].httpConfig.tlsConfig.ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -4611,7 +4659,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -4647,7 +4695,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Client certificate to present when doing client-authentication. +cert defines the Client certificate to present when doing client-authentication. -- Type:: @@ -4662,18 +4710,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].msteamsv2Configs[].httpConfig.tlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -4709,7 +4757,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: 
@@ -4745,7 +4793,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the client key file for the targets. +keySecret defines the Secret containing the client key file for the targets. -- Type:: @@ -4781,7 +4829,8 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -MSTeams incoming webhook URL. +webhookURL defines the MSTeams incoming webhook URL for adaptive card notifications. +This webhook must support the newer adaptive cards format required by Teams flows. -- Type:: @@ -4817,7 +4866,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -List of OpsGenie configurations. +opsgenieConfigs defines the list of OpsGenie configurations. -- Type:: 
@@ -4846,25 +4895,29 @@ Type:: | `actions` | `string` -| Comma separated list of actions that will be available for the alert. +| actions defines a comma separated list of actions that will be available for the alert. +These appear as action buttons in the OpsGenie interface. | `apiKey` | `object` -| The secret's key that contains the OpsGenie API key. +| apiKey defines the secret's key that contains the OpsGenie API key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. | `apiURL` | `string` -| The URL to send OpsGenie API requests to. +| apiURL defines the URL to send OpsGenie API requests to. +When not specified, defaults to the standard OpsGenie API endpoint. | `description` | `string` -| Description of the incident. +| description defines the detailed description of the incident. +This provides additional context beyond the message field. | `details` | `array` -| A set of arbitrary key/value pairs that provide further detail about the incident. +| details defines a set of arbitrary key/value pairs that provide further detail about the incident. +These appear as additional fields in the OpsGenie alert. | `details[]` | `object` 
@@ -4872,27 +4925,32 @@ object and accessible by the Prometheus Operator. | `entity` | `string` -| Optional field that can be used to specify which domain alert is related to. +| entity defines an optional field that can be used to specify which domain alert is related to. +This helps group related alerts together in OpsGenie. | `httpConfig` | `object` -| HTTP client configuration. +| httpConfig defines the HTTP client configuration for OpsGenie API requests. | `message` | `string` -| Alert text limited to 130 characters. +| message defines the alert text limited to 130 characters. +This appears as the main alert title in OpsGenie. | `note` | `string` -| Additional alert note. +| note defines an additional alert note. +This provides supplementary information about the alert. | `priority` | `string` -| Priority level of alert. Possible values are P1, P2, P3, P4, and P5. +| priority defines the priority level of alert. +Possible values are P1, P2, P3, P4, and P5, where P1 is highest priority. | `responders` | `array` -| List of responders responsible for notifications. +| responders defines the list of responders responsible for notifications. +These determine who gets notified when the alert is created. | `responders[]` | `object` 
@@ -4901,22 +4959,24 @@ One of `id`, `name` or `username` has to be defined. | `sendResolved` | `boolean` -| Whether or not to notify about resolved alerts. +| sendResolved defines whether or not to notify about resolved alerts. | `source` | `string` -| Backlink to the sender of the notification. +| source defines the backlink to the sender of the notification. +This helps identify where the alert originated from. | `tags` | `string` -| Comma separated list of tags attached to the notifications. +| tags defines a comma separated list of tags attached to the notifications. +These help categorize and filter alerts within OpsGenie. |=== === .spec.receivers[].opsgenieConfigs[].apiKey Description:: + -- -The secret's key that contains the OpsGenie API key. +apiKey defines the secret's key that contains the OpsGenie API key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. -- @@ -4936,18 +4996,19 @@ Required:: | `key` | `string` -| The key of the secret to select from. Must be a valid secret key. +| key defines the key of the secret to select from. Must be a valid secret key. | `name` | `string` -| The name of the secret in the object's namespace to select from. +| name defines the name of the secret in the object's namespace to select from. |=== === .spec.receivers[].opsgenieConfigs[].details Description:: + -- -A set of arbitrary key/value pairs that provide further detail about the incident. +details defines a set of arbitrary key/value pairs that provide further detail about the incident. +These appear as additional fields in the OpsGenie alert. -- Type:: 
@@ -4978,18 +5039,20 @@ Required:: | `key` | `string` -| Key of the tuple. +| key defines the key of the tuple. +This is the identifier or name part of the key-value pair. | `value` | `string` -| Value of the tuple. +| value defines the value of the tuple. +This is the data or content associated with the key. |=== === .spec.receivers[].opsgenieConfigs[].httpConfig Description:: + -- -HTTP client configuration. +httpConfig defines the HTTP client configuration for OpsGenie API requests. -- Type:: @@ -5004,28 +5067,33 @@ Type:: | `authorization` | `object` -| Authorization header configuration for the client. +| authorization defines the authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. | `basicAuth` | `object` -| BasicAuth for the client. +| basicAuth defines the basic authentication credentials for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. | `bearerTokenSecret` | `object` -| The secret's key that contains the bearer token to be used by the client +| bearerTokenSecret defines the secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +| `enableHttp2` +| `boolean` +| enableHttp2 can be used to disable HTTP2. + | `followRedirects` | `boolean` -| FollowRedirects specifies whether the client should follow HTTP 3xx redirects. +| followRedirects defines whether HTTP requests follow HTTP 3xx redirects. +When true, the client will automatically follow redirect responses. | `noProxy` | `string` -| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names +| noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. 
@@ -5033,11 +5101,12 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `oauth2` | `object` -| OAuth2 client credentials used to fetch a token for the targets. +| oauth2 defines the OAuth2 client credentials used to fetch a token for the targets. +This enables OAuth2 authentication flow for HTTP requests. | `proxyConnectHeader` | `object` -| ProxyConnectHeader optionally specifies headers to send to +| proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -5052,30 +5121,30 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyFromEnvironment` | `boolean` -| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). +| proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyURL` | `string` -| Optional proxy URL. - +| proxyURL defines an optional proxy URL for HTTP requests. If defined, this field takes precedence over `proxyUrl`. | `proxyUrl` | `string` -| `proxyURL` defines the HTTP proxy server to use. +| proxyUrl defines the HTTP proxy server to use. | `tlsConfig` | `object` -| TLS configuration for the client. +| tlsConfig defines the TLS configuration for the client. +This includes settings for certificates, CA validation, and TLS protocol options. |=== === .spec.receivers[].opsgenieConfigs[].httpConfig.authorization Description:: + -- -Authorization header configuration for the client. +authorization defines the authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. -- 
@@ -5091,11 +5160,11 @@ Type:: | `credentials` | `object` -| Selects a key of a Secret in the namespace that contains the credentials for authentication. +| credentials defines a key of a Secret in the namespace that contains the credentials for authentication. | `type` | `string` -| Defines the authentication type. The value is case-insensitive. +| type defines the authentication type. The value is case-insensitive. "Basic" is not a supported value. @@ -5106,7 +5175,7 @@ Default: "Bearer" Description:: + -- -Selects a key of a Secret in the namespace that contains the credentials for authentication. +credentials defines a key of a Secret in the namespace that contains the credentials for authentication. -- Type:: @@ -5142,7 +5211,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -BasicAuth for the client. +basicAuth defines the basic authentication credentials for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. -- @@ -5158,12 +5227,12 @@ Type:: | `password` | `object` -| `password` specifies a key of a Secret containing the password for +| password defines a key of a Secret containing the password for authentication. | `username` | `object` -| `username` specifies a key of a Secret containing the username for +| username defines a key of a Secret containing the username for authentication. |=== @@ -5171,7 +5240,7 @@ authentication. Description:: + -- -`password` specifies a key of a Secret containing the password for +password defines a key of a Secret containing the password for authentication. -- @@ -5208,7 +5277,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`username` specifies a key of a Secret containing the username for +username defines a key of a Secret containing the username for authentication. -- 
@@ -5245,7 +5314,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -The secret's key that contains the bearer token to be used by the client +bearerTokenSecret defines the secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. @@ -5266,18 +5335,19 @@ Required:: | `key` | `string` -| The key of the secret to select from. Must be a valid secret key. +| key defines the key of the secret to select from. Must be a valid secret key. | `name` | `string` -| The name of the secret in the object's namespace to select from. +| name defines the name of the secret in the object's namespace to select from. |=== === .spec.receivers[].opsgenieConfigs[].httpConfig.oauth2 Description:: + -- -OAuth2 client credentials used to fetch a token for the targets. +oauth2 defines the OAuth2 client credentials used to fetch a token for the targets. +This enables OAuth2 authentication flow for HTTP requests. -- Type:: @@ -5296,22 +5366,22 @@ Required:: | `clientId` | `object` -| `clientId` specifies a key of a Secret or ConfigMap containing the +| clientId defines a key of a Secret or ConfigMap containing the OAuth2 client's ID. | `clientSecret` | `object` -| `clientSecret` specifies a key of a Secret containing the OAuth2 +| clientSecret defines a key of a Secret containing the OAuth2 client's secret. | `endpointParams` | `object (string)` -| `endpointParams` configures the HTTP parameters to append to the token +| endpointParams configures the HTTP parameters to append to the token URL. | `noProxy` | `string` -| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names +| noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. 
@@ -5319,7 +5389,7 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyConnectHeader` | `object` -| ProxyConnectHeader optionally specifies headers to send to +| proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -5334,33 +5404,33 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyFromEnvironment` | `boolean` -| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). +| proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyUrl` | `string` -| `proxyURL` defines the HTTP proxy server to use. +| proxyUrl defines the HTTP proxy server to use. | `scopes` | `array (string)` -| `scopes` defines the OAuth2 scopes used for the token request. +| scopes defines the OAuth2 scopes used for the token request. | `tlsConfig` | `object` -| TLS configuration to use when connecting to the OAuth2 server. +| tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. It requires Prometheus >= v2.43.0. | `tokenUrl` | `string` -| `tokenURL` configures the URL to fetch the token from. +| tokenUrl defines the URL to fetch the token from. |=== === .spec.receivers[].opsgenieConfigs[].httpConfig.oauth2.clientId Description:: + -- -`clientId` specifies a key of a Secret or ConfigMap containing the +clientId defines a key of a Secret or ConfigMap containing the OAuth2 client's ID. -- 
@@ -5376,18 +5446,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].opsgenieConfigs[].httpConfig.oauth2.clientId.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -5423,7 +5493,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -5459,7 +5529,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`clientSecret` specifies a key of a Secret containing the OAuth2 +clientSecret defines a key of a Secret containing the OAuth2 client's secret. -- @@ -5496,7 +5566,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -ProxyConnectHeader optionally specifies headers to send to +proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -5561,7 +5631,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -TLS configuration to use when connecting to the OAuth2 server. +tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. It requires Prometheus >= v2.43.0. -- 
@@ -5577,42 +5647,42 @@ Type:: | `ca` | `object` -| Certificate authority used when verifying server certificates. +| ca defines the Certificate authority used when verifying server certificates. | `cert` | `object` -| Client certificate to present when doing client-authentication. +| cert defines the Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` -| Disable target certificate validation. +| insecureSkipVerify defines how to disable target certificate validation. | `keySecret` | `object` -| Secret containing the client key file for the targets. +| keySecret defines the Secret containing the client key file for the targets. | `maxVersion` | `string` -| Maximum acceptable TLS version. +| maxVersion defines the maximum acceptable TLS version. It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. | `minVersion` | `string` -| Minimum acceptable TLS version. +| minVersion defines the minimum acceptable TLS version. It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. | `serverName` | `string` -| Used to verify the hostname for the targets. +| serverName is used to verify the hostname for the targets. |=== === .spec.receivers[].opsgenieConfigs[].httpConfig.oauth2.tlsConfig.ca Description:: + -- -Certificate authority used when verifying server certificates. +ca defines the Certificate authority used when verifying server certificates. -- Type:: @@ -5627,18 +5697,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].opsgenieConfigs[].httpConfig.oauth2.tlsConfig.ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: 
@@ -5674,7 +5744,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -5710,7 +5780,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Client certificate to present when doing client-authentication. +cert defines the Client certificate to present when doing client-authentication. -- Type:: @@ -5725,18 +5795,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].opsgenieConfigs[].httpConfig.oauth2.tlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -5772,7 +5842,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -5808,7 +5878,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the client key file for the targets. +keySecret defines the Secret containing the client key file for the targets. -- Type:: @@ -5844,7 +5914,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -ProxyConnectHeader optionally specifies headers to send to +proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. 
@@ -5909,7 +5979,8 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -TLS configuration for the client. +tlsConfig defines the TLS configuration for the client. +This includes settings for certificates, CA validation, and TLS protocol options. -- Type:: @@ -5924,42 +5995,42 @@ Type:: | `ca` | `object` -| Certificate authority used when verifying server certificates. +| ca defines the Certificate authority used when verifying server certificates. | `cert` | `object` -| Client certificate to present when doing client-authentication. +| cert defines the Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` -| Disable target certificate validation. +| insecureSkipVerify defines how to disable target certificate validation. | `keySecret` | `object` -| Secret containing the client key file for the targets. +| keySecret defines the Secret containing the client key file for the targets. | `maxVersion` | `string` -| Maximum acceptable TLS version. +| maxVersion defines the maximum acceptable TLS version. It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. | `minVersion` | `string` -| Minimum acceptable TLS version. +| minVersion defines the minimum acceptable TLS version. It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. | `serverName` | `string` -| Used to verify the hostname for the targets. +| serverName is used to verify the hostname for the targets. |=== === .spec.receivers[].opsgenieConfigs[].httpConfig.tlsConfig.ca Description:: + -- -Certificate authority used when verifying server certificates. +ca defines the Certificate authority used when verifying server certificates. -- Type:: 
@@ -5974,18 +6045,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].opsgenieConfigs[].httpConfig.tlsConfig.ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -6021,7 +6092,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -6057,7 +6128,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Client certificate to present when doing client-authentication. +cert defines the Client certificate to present when doing client-authentication. -- Type:: @@ -6072,18 +6143,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].opsgenieConfigs[].httpConfig.tlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -6119,7 +6190,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: 
@@ -6155,7 +6226,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the client key file for the targets. +keySecret defines the Secret containing the client key file for the targets. -- Type:: @@ -6191,7 +6262,8 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -List of responders responsible for notifications. +responders defines the list of responders responsible for notifications. +These determine who gets notified when the alert is created. -- Type:: @@ -6222,26 +6294,31 @@ Required:: | `id` | `string` -| ID of the responder. +| id defines the unique identifier of the responder. +This corresponds to the responder's ID within OpsGenie. | `name` | `string` -| Name of the responder. +| name defines the display name of the responder. +This is used when the responder is identified by name rather than ID. | `type` | `string` -| Type of responder. +| type defines the type of responder. +Valid values include "user", "team", "schedule", and "escalation". +This determines how OpsGenie interprets the other identifier fields. | `username` | `string` -| Username of the responder. +| username defines the username of the responder. +This is typically used for user-type responders when identifying by username. |=== === .spec.receivers[].pagerdutyConfigs Description:: + -- -List of PagerDuty configurations. +pagerdutyConfigs defines the List of PagerDuty configurations. -- Type:: 
@@ -6270,27 +6347,27 @@ Type:: | `class` | `string` -| The class/type of the event. +| class defines the class/type of the event. | `client` | `string` -| Client identification. +| client defines the client identification. | `clientURL` | `string` -| Backlink to the sender of notification. +| clientURL defines the backlink to the sender of notification. | `component` | `string` -| The part or component of the affected system that is broken. +| component defines the part or component of the affected system that is broken. | `description` | `string` -| Description of the incident. +| description of the incident. | `details` | `array` -| Arbitrary key/value pairs that provide further detail about the incident. +| details defines the arbitrary key/value pairs that provide further detail about the incident. | `details[]` | `object` @@ -6298,15 +6375,15 @@ Type:: | `group` | `string` -| A cluster or grouping of sources. +| group defines a cluster or grouping of sources. | `httpConfig` | `object` -| HTTP client configuration. +| httpConfig defines the HTTP client configuration. | `pagerDutyImageConfigs` | `array` -| A list of image details to attach that provide further detail about an incident. +| pagerDutyImageConfigs defines a list of image details to attach that provide further detail about an incident. | `pagerDutyImageConfigs[]` | `object` @@ -6314,7 +6391,7 @@ Type:: | `pagerDutyLinkConfigs` | `array` -| A list of link details to attach that provide further detail about an incident. +| pagerDutyLinkConfigs defines a list of link details to attach that provide further detail about an incident. | `pagerDutyLinkConfigs[]` | `object` 
@@ -6322,18 +6399,18 @@ Type:: | `routingKey` | `object` -| The secret's key that contains the PagerDuty integration key (when using +| routingKey defines the secret's key that contains the PagerDuty integration key (when using Events API v2). Either this field or `serviceKey` needs to be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. | `sendResolved` | `boolean` -| Whether or not to notify about resolved alerts. +| sendResolved defines whether or not to notify about resolved alerts. | `serviceKey` | `object` -| The secret's key that contains the PagerDuty service key (when using +| serviceKey defines the secret's key that contains the PagerDuty service key (when using integration type "Prometheus"). Either this field or `routingKey` needs to be defined. The secret needs to be in the same namespace as the AlertmanagerConfig @@ -6341,22 +6418,22 @@ object and accessible by the Prometheus Operator. | `severity` | `string` -| Severity of the incident. +| severity of the incident. | `source` | `string` -| Unique location of the affected system. +| source defines the unique location of the affected system. | `url` | `string` -| The URL to send requests to. +| url defines the URL to send requests to. |=== === .spec.receivers[].pagerdutyConfigs[].details Description:: + -- -Arbitrary key/value pairs that provide further detail about the incident. +details defines the arbitrary key/value pairs that provide further detail about the incident. -- Type:: 
@@ -6387,18 +6464,20 @@ Required:: | `key` | `string` -| Key of the tuple. +| key defines the key of the tuple. +This is the identifier or name part of the key-value pair. | `value` | `string` -| Value of the tuple. +| value defines the value of the tuple. +This is the data or content associated with the key. |=== === .spec.receivers[].pagerdutyConfigs[].httpConfig Description:: + -- -HTTP client configuration. +httpConfig defines the HTTP client configuration. -- Type:: @@ -6413,28 +6492,33 @@ Type:: | `authorization` | `object` -| Authorization header configuration for the client. +| authorization defines the authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. | `basicAuth` | `object` -| BasicAuth for the client. +| basicAuth defines the basic authentication credentials for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. | `bearerTokenSecret` | `object` -| The secret's key that contains the bearer token to be used by the client +| bearerTokenSecret defines the secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +| `enableHttp2` +| `boolean` +| enableHttp2 can be used to disable HTTP2. + | `followRedirects` | `boolean` -| FollowRedirects specifies whether the client should follow HTTP 3xx redirects. +| followRedirects defines whether HTTP requests follow HTTP 3xx redirects. +When true, the client will automatically follow redirect responses. | `noProxy` | `string` -| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names +| noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. 
@@ -6442,11 +6526,12 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `oauth2` | `object` -| OAuth2 client credentials used to fetch a token for the targets. +| oauth2 defines the OAuth2 client credentials used to fetch a token for the targets. +This enables OAuth2 authentication flow for HTTP requests. | `proxyConnectHeader` | `object` -| ProxyConnectHeader optionally specifies headers to send to +| proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -6461,30 +6546,30 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyFromEnvironment` | `boolean` -| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). +| proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyURL` | `string` -| Optional proxy URL. - +| proxyURL defines an optional proxy URL for HTTP requests. If defined, this field takes precedence over `proxyUrl`. | `proxyUrl` | `string` -| `proxyURL` defines the HTTP proxy server to use. +| proxyUrl defines the HTTP proxy server to use. | `tlsConfig` | `object` -| TLS configuration for the client. +| tlsConfig defines the TLS configuration for the client. +This includes settings for certificates, CA validation, and TLS protocol options. |=== === .spec.receivers[].pagerdutyConfigs[].httpConfig.authorization Description:: + -- -Authorization header configuration for the client. +authorization defines the authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. -- 
@@ -6500,11 +6585,11 @@ Type:: | `credentials` | `object` -| Selects a key of a Secret in the namespace that contains the credentials for authentication. +| credentials defines a key of a Secret in the namespace that contains the credentials for authentication. | `type` | `string` -| Defines the authentication type. The value is case-insensitive. +| type defines the authentication type. The value is case-insensitive. "Basic" is not a supported value. @@ -6515,7 +6600,7 @@ Default: "Bearer" Description:: + -- -Selects a key of a Secret in the namespace that contains the credentials for authentication. +credentials defines a key of a Secret in the namespace that contains the credentials for authentication. -- Type:: @@ -6551,7 +6636,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -BasicAuth for the client. +basicAuth defines the basic authentication credentials for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. -- @@ -6567,12 +6652,12 @@ Type:: | `password` | `object` -| `password` specifies a key of a Secret containing the password for +| password defines a key of a Secret containing the password for authentication. | `username` | `object` -| `username` specifies a key of a Secret containing the username for +| username defines a key of a Secret containing the username for authentication. |=== @@ -6580,7 +6665,7 @@ authentication. Description:: + -- -`password` specifies a key of a Secret containing the password for +password defines a key of a Secret containing the password for authentication. -- @@ -6617,7 +6702,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`username` specifies a key of a Secret containing the username for +username defines a key of a Secret containing the username for authentication. -- 
@@ -6654,7 +6739,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -The secret's key that contains the bearer token to be used by the client +bearerTokenSecret defines the secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. @@ -6675,18 +6760,19 @@ Required:: | `key` | `string` -| The key of the secret to select from. Must be a valid secret key. +| key defines the key of the secret to select from. Must be a valid secret key. | `name` | `string` -| The name of the secret in the object's namespace to select from. +| name defines the name of the secret in the object's namespace to select from. |=== === .spec.receivers[].pagerdutyConfigs[].httpConfig.oauth2 Description:: + -- -OAuth2 client credentials used to fetch a token for the targets. +oauth2 defines the OAuth2 client credentials used to fetch a token for the targets. +This enables OAuth2 authentication flow for HTTP requests. -- Type:: @@ -6705,22 +6791,22 @@ Required:: | `clientId` | `object` -| `clientId` specifies a key of a Secret or ConfigMap containing the +| clientId defines a key of a Secret or ConfigMap containing the OAuth2 client's ID. | `clientSecret` | `object` -| `clientSecret` specifies a key of a Secret containing the OAuth2 +| clientSecret defines a key of a Secret containing the OAuth2 client's secret. | `endpointParams` | `object (string)` -| `endpointParams` configures the HTTP parameters to append to the token +| endpointParams configures the HTTP parameters to append to the token URL. | `noProxy` | `string` -| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names +| noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. 
@@ -6728,7 +6814,7 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyConnectHeader` | `object` -| ProxyConnectHeader optionally specifies headers to send to +| proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -6743,33 +6829,33 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyFromEnvironment` | `boolean` -| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). +| proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyUrl` | `string` -| `proxyURL` defines the HTTP proxy server to use. +| proxyUrl defines the HTTP proxy server to use. | `scopes` | `array (string)` -| `scopes` defines the OAuth2 scopes used for the token request. +| scopes defines the OAuth2 scopes used for the token request. | `tlsConfig` | `object` -| TLS configuration to use when connecting to the OAuth2 server. +| tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. It requires Prometheus >= v2.43.0. | `tokenUrl` | `string` -| `tokenURL` configures the URL to fetch the token from. +| tokenUrl defines the URL to fetch the token from. |=== === .spec.receivers[].pagerdutyConfigs[].httpConfig.oauth2.clientId Description:: + -- -`clientId` specifies a key of a Secret or ConfigMap containing the +clientId defines a key of a Secret or ConfigMap containing the OAuth2 client's ID. -- 
@@ -6785,18 +6871,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].pagerdutyConfigs[].httpConfig.oauth2.clientId.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -6832,7 +6918,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -6868,7 +6954,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`clientSecret` specifies a key of a Secret containing the OAuth2 +clientSecret defines a key of a Secret containing the OAuth2 client's secret. -- @@ -6905,7 +6991,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -ProxyConnectHeader optionally specifies headers to send to +proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -6970,7 +7056,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -TLS configuration to use when connecting to the OAuth2 server. +tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. It requires Prometheus >= v2.43.0. -- 
@@ -6986,42 +7072,42 @@ Type:: | `ca` | `object` -| Certificate authority used when verifying server certificates. +| ca defines the Certificate authority used when verifying server certificates. | `cert` | `object` -| Client certificate to present when doing client-authentication. +| cert defines the Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` -| Disable target certificate validation. +| insecureSkipVerify defines how to disable target certificate validation. | `keySecret` | `object` -| Secret containing the client key file for the targets. +| keySecret defines the Secret containing the client key file for the targets. | `maxVersion` | `string` -| Maximum acceptable TLS version. +| maxVersion defines the maximum acceptable TLS version. It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. | `minVersion` | `string` -| Minimum acceptable TLS version. +| minVersion defines the minimum acceptable TLS version. It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. | `serverName` | `string` -| Used to verify the hostname for the targets. +| serverName is used to verify the hostname for the targets. |=== === .spec.receivers[].pagerdutyConfigs[].httpConfig.oauth2.tlsConfig.ca Description:: + -- -Certificate authority used when verifying server certificates. +ca defines the Certificate authority used when verifying server certificates. -- Type:: @@ -7036,18 +7122,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].pagerdutyConfigs[].httpConfig.oauth2.tlsConfig.ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: 
@@ -7083,7 +7169,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -7119,7 +7205,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Client certificate to present when doing client-authentication. +cert defines the Client certificate to present when doing client-authentication. -- Type:: @@ -7134,18 +7220,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].pagerdutyConfigs[].httpConfig.oauth2.tlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -7181,7 +7267,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -7217,7 +7303,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the client key file for the targets. +keySecret defines the Secret containing the client key file for the targets. -- Type:: @@ -7253,7 +7339,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -ProxyConnectHeader optionally specifies headers to send to +proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. 
@@ -7318,7 +7404,8 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -TLS configuration for the client. +tlsConfig defines the TLS configuration for the client. +This includes settings for certificates, CA validation, and TLS protocol options. -- Type:: @@ -7333,42 +7420,42 @@ Type:: | `ca` | `object` -| Certificate authority used when verifying server certificates. +| ca defines the Certificate authority used when verifying server certificates. | `cert` | `object` -| Client certificate to present when doing client-authentication. +| cert defines the Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` -| Disable target certificate validation. +| insecureSkipVerify defines how to disable target certificate validation. | `keySecret` | `object` -| Secret containing the client key file for the targets. +| keySecret defines the Secret containing the client key file for the targets. | `maxVersion` | `string` -| Maximum acceptable TLS version. +| maxVersion defines the maximum acceptable TLS version. It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. | `minVersion` | `string` -| Minimum acceptable TLS version. +| minVersion defines the minimum acceptable TLS version. It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. | `serverName` | `string` -| Used to verify the hostname for the targets. +| serverName is used to verify the hostname for the targets. |=== === .spec.receivers[].pagerdutyConfigs[].httpConfig.tlsConfig.ca Description:: + -- -Certificate authority used when verifying server certificates. +ca defines the Certificate authority used when verifying server certificates. -- Type:: 
@@ -7383,18 +7470,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].pagerdutyConfigs[].httpConfig.tlsConfig.ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -7430,7 +7517,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -7466,7 +7553,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Client certificate to present when doing client-authentication. +cert defines the Client certificate to present when doing client-authentication. -- Type:: @@ -7481,18 +7568,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].pagerdutyConfigs[].httpConfig.tlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -7528,7 +7615,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: 
@@ -7564,7 +7651,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the client key file for the targets. +keySecret defines the Secret containing the client key file for the targets. -- Type:: @@ -7600,7 +7687,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -A list of image details to attach that provide further detail about an incident. +pagerDutyImageConfigs defines a list of image details to attach that provide further detail about an incident. -- Type:: @@ -7628,22 +7715,22 @@ Type:: | `alt` | `string` -| Alt is the optional alternative text for the image. +| alt is the optional alternative text for the image. | `href` | `string` -| Optional URL; makes the image a clickable link. +| href defines the optional URL; makes the image a clickable link. | `src` | `string` -| Src of the image being attached to the incident +| src of the image being attached to the incident |=== === .spec.receivers[].pagerdutyConfigs[].pagerDutyLinkConfigs Description:: + -- -A list of link details to attach that provide further detail about an incident. +pagerDutyLinkConfigs defines a list of link details to attach that provide further detail about an incident. -- Type:: 
@@ -7671,18 +7758,18 @@ Type:: | `alt` | `string` -| Text that describes the purpose of the link, and can be used as the link's text. +| alt defines the text that describes the purpose of the link, and can be used as the link's text. | `href` | `string` -| Href is the URL of the link to be attached +| href defines the URL of the link to be attached |=== === .spec.receivers[].pagerdutyConfigs[].routingKey Description:: + -- -The secret's key that contains the PagerDuty integration key (when using +routingKey defines the secret's key that contains the PagerDuty integration key (when using Events API v2). Either this field or `serviceKey` needs to be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. @@ -7703,18 +7790,18 @@ Required:: | `key` | `string` -| The key of the secret to select from. Must be a valid secret key. +| key defines the key of the secret to select from. Must be a valid secret key. | `name` | `string` -| The name of the secret in the object's namespace to select from. +| name defines the name of the secret in the object's namespace to select from. |=== === .spec.receivers[].pagerdutyConfigs[].serviceKey Description:: + -- -The secret's key that contains the PagerDuty service key (when using +serviceKey defines the secret's key that contains the PagerDuty service key (when using integration type "Prometheus"). Either this field or `routingKey` needs to be defined. The secret needs to be in the same namespace as the AlertmanagerConfig 
@@ -7736,18 +7823,18 @@ Required:: | `key` | `string` -| The key of the secret to select from. Must be a valid secret key. +| key defines the key of the secret to select from. Must be a valid secret key. | `name` | `string` -| The name of the secret in the object's namespace to select from. +| name defines the name of the secret in the object's namespace to select from. |=== === .spec.receivers[].pushoverConfigs Description:: + -- -List of Pushover configurations. +pushoverConfigs defines the list of Pushover configurations. -- Type:: 
@@ -7776,81 +7863,92 @@ Type:: | `device` | `string` -| The name of a device to send the notification to +| device defines the name of a specific device to send the notification to. +If not specified, the notification is sent to all user's devices. | `expire` | `string` -| How long your notification will continue to be retried for, unless the user -acknowledges the notification. +| expire defines how long your notification will continue to be retried for, +unless the user acknowledges the notification. Only applies to priority 2 notifications. | `html` | `boolean` -| Whether notification message is HTML or plain text. +| html defines whether notification message is HTML or plain text. +When true, the message can include HTML formatting tags. | `httpConfig` | `object` -| HTTP client configuration. +| httpConfig defines the HTTP client configuration for Pushover API requests. | `message` | `string` -| Notification message. +| message defines the notification message content. +This is the main body text of the Pushover notification. | `priority` | `string` -| Priority, see https://pushover.net/api#priority +| priority defines the notification priority level. +See https://pushover.net/api#priority for valid values and behavior. | `retry` | `string` -| How often the Pushover servers will send the same notification to the user. -Must be at least 30 seconds. +| retry defines how often the Pushover servers will send the same notification to the user. +Must be at least 30 seconds. Only applies to priority 2 notifications. | `sendResolved` | `boolean` -| Whether or not to notify about resolved alerts. +| sendResolved defines whether or not to notify about resolved alerts. | `sound` | `string` -| The name of one of the sounds supported by device clients to override the user's default sound choice +| sound defines the name of one of the sounds supported by device clients. +This overrides the user's default sound choice for this notification. 
| `title` | `string` -| Notification title. +| title defines the notification title displayed in the Pushover message. +This appears as the bold header text in the notification. | `token` | `object` -| The secret's key that contains the registered application's API token, see https://pushover.net/apps. +| token defines the secret's key that contains the registered application's API token. +See https://pushover.net/apps for application registration. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. Either `token` or `tokenFile` is required. | `tokenFile` | `string` -| The token file that contains the registered application's API token, see https://pushover.net/apps. +| tokenFile defines the token file that contains the registered application's API token. +See https://pushover.net/apps for application registration. Either `token` or `tokenFile` is required. It requires Alertmanager >= v0.26.0. | `ttl` | `string` -| The time to live definition for the alert notification +| ttl defines the time to live for the alert notification. +This determines how long the notification remains active before expiring. | `url` | `string` -| A supplementary URL shown alongside the message. +| url defines a supplementary URL shown alongside the message. +This creates a clickable link within the Pushover notification. | `urlTitle` | `string` -| A title for supplementary URL, otherwise just the URL is shown +| urlTitle defines a title for the supplementary URL. +If not specified, the raw URL is shown instead. | `userKey` | `object` -| The secret's key that contains the recipient user's user key. +| userKey defines the secret's key that contains the recipient user's user key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. Either `userKey` or `userKeyFile` is required. 
| `userKeyFile` | `string` -| The user key file that contains the recipient user's user key. +| userKeyFile defines the user key file that contains the recipient user's user key. Either `userKey` or `userKeyFile` is required. It requires Alertmanager >= v0.26.0. @@ -7859,7 +7957,7 @@ It requires Alertmanager >= v0.26.0. Description:: + -- -HTTP client configuration. +httpConfig defines the HTTP client configuration for Pushover API requests. -- Type:: @@ -7874,28 +7972,33 @@ Type:: | `authorization` | `object` -| Authorization header configuration for the client. +| authorization defines the authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. | `basicAuth` | `object` -| BasicAuth for the client. +| basicAuth defines the basic authentication credentials for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. | `bearerTokenSecret` | `object` -| The secret's key that contains the bearer token to be used by the client +| bearerTokenSecret defines the secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +| `enableHttp2` +| `boolean` +| enableHttp2 can be used to disable HTTP2. + | `followRedirects` | `boolean` -| FollowRedirects specifies whether the client should follow HTTP 3xx redirects. +| followRedirects defines whether HTTP requests follow HTTP 3xx redirects. +When true, the client will automatically follow redirect responses. | `noProxy` | `string` -| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names +| noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. 
@@ -7903,11 +8006,12 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `oauth2` | `object` -| OAuth2 client credentials used to fetch a token for the targets. +| oauth2 defines the OAuth2 client credentials used to fetch a token for the targets. +This enables OAuth2 authentication flow for HTTP requests. | `proxyConnectHeader` | `object` -| ProxyConnectHeader optionally specifies headers to send to +| proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -7922,30 +8026,30 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyFromEnvironment` | `boolean` -| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). +| proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyURL` | `string` -| Optional proxy URL. - +| proxyURL defines an optional proxy URL for HTTP requests. If defined, this field takes precedence over `proxyUrl`. | `proxyUrl` | `string` -| `proxyURL` defines the HTTP proxy server to use. +| proxyUrl defines the HTTP proxy server to use. | `tlsConfig` | `object` -| TLS configuration for the client. +| tlsConfig defines the TLS configuration for the client. +This includes settings for certificates, CA validation, and TLS protocol options. |=== === .spec.receivers[].pushoverConfigs[].httpConfig.authorization Description:: + -- -Authorization header configuration for the client. +authorization defines the authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. -- 
@@ -7961,11 +8065,11 @@ Type:: | `credentials` | `object` -| Selects a key of a Secret in the namespace that contains the credentials for authentication. +| credentials defines a key of a Secret in the namespace that contains the credentials for authentication. | `type` | `string` -| Defines the authentication type. The value is case-insensitive. +| type defines the authentication type. The value is case-insensitive. "Basic" is not a supported value. @@ -7976,7 +8080,7 @@ Default: "Bearer" Description:: + -- -Selects a key of a Secret in the namespace that contains the credentials for authentication. +credentials defines a key of a Secret in the namespace that contains the credentials for authentication. -- Type:: @@ -8012,7 +8116,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -BasicAuth for the client. +basicAuth defines the basic authentication credentials for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. -- @@ -8028,12 +8132,12 @@ Type:: | `password` | `object` -| `password` specifies a key of a Secret containing the password for +| password defines a key of a Secret containing the password for authentication. | `username` | `object` -| `username` specifies a key of a Secret containing the username for +| username defines a key of a Secret containing the username for authentication. |=== @@ -8041,7 +8145,7 @@ authentication. Description:: + -- -`password` specifies a key of a Secret containing the password for +password defines a key of a Secret containing the password for authentication. -- @@ -8078,7 +8182,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`username` specifies a key of a Secret containing the username for +username defines a key of a Secret containing the username for authentication. -- 
@@ -8115,7 +8219,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -The secret's key that contains the bearer token to be used by the client +bearerTokenSecret defines the secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. @@ -8136,18 +8240,19 @@ Required:: | `key` | `string` -| The key of the secret to select from. Must be a valid secret key. +| key defines the key of the secret to select from. Must be a valid secret key. | `name` | `string` -| The name of the secret in the object's namespace to select from. +| name defines the name of the secret in the object's namespace to select from. |=== === .spec.receivers[].pushoverConfigs[].httpConfig.oauth2 Description:: + -- -OAuth2 client credentials used to fetch a token for the targets. +oauth2 defines the OAuth2 client credentials used to fetch a token for the targets. +This enables OAuth2 authentication flow for HTTP requests. -- Type:: @@ -8166,22 +8271,22 @@ Required:: | `clientId` | `object` -| `clientId` specifies a key of a Secret or ConfigMap containing the +| clientId defines a key of a Secret or ConfigMap containing the OAuth2 client's ID. | `clientSecret` | `object` -| `clientSecret` specifies a key of a Secret containing the OAuth2 +| clientSecret defines a key of a Secret containing the OAuth2 client's secret. | `endpointParams` | `object (string)` -| `endpointParams` configures the HTTP parameters to append to the token +| endpointParams configures the HTTP parameters to append to the token URL. | `noProxy` | `string` -| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names +| noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. 
@@ -8189,7 +8294,7 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyConnectHeader` | `object` -| ProxyConnectHeader optionally specifies headers to send to +| proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -8204,33 +8309,33 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyFromEnvironment` | `boolean` -| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). +| proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyUrl` | `string` -| `proxyURL` defines the HTTP proxy server to use. +| proxyUrl defines the HTTP proxy server to use. | `scopes` | `array (string)` -| `scopes` defines the OAuth2 scopes used for the token request. +| scopes defines the OAuth2 scopes used for the token request. | `tlsConfig` | `object` -| TLS configuration to use when connecting to the OAuth2 server. +| tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. It requires Prometheus >= v2.43.0. | `tokenUrl` | `string` -| `tokenURL` configures the URL to fetch the token from. +| tokenUrl defines the URL to fetch the token from. |=== === .spec.receivers[].pushoverConfigs[].httpConfig.oauth2.clientId Description:: + -- -`clientId` specifies a key of a Secret or ConfigMap containing the +clientId defines a key of a Secret or ConfigMap containing the OAuth2 client's ID. -- 
@@ -8246,18 +8351,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].pushoverConfigs[].httpConfig.oauth2.clientId.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -8293,7 +8398,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -8329,7 +8434,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`clientSecret` specifies a key of a Secret containing the OAuth2 +clientSecret defines a key of a Secret containing the OAuth2 client's secret. -- @@ -8366,7 +8471,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -ProxyConnectHeader optionally specifies headers to send to +proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -8431,7 +8536,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -TLS configuration to use when connecting to the OAuth2 server. +tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. It requires Prometheus >= v2.43.0. -- 
@@ -8447,42 +8552,42 @@ Type:: | `ca` | `object` -| Certificate authority used when verifying server certificates. +| ca defines the Certificate authority used when verifying server certificates. | `cert` | `object` -| Client certificate to present when doing client-authentication. +| cert defines the Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` -| Disable target certificate validation. +| insecureSkipVerify defines how to disable target certificate validation. | `keySecret` | `object` -| Secret containing the client key file for the targets. +| keySecret defines the Secret containing the client key file for the targets. | `maxVersion` | `string` -| Maximum acceptable TLS version. +| maxVersion defines the maximum acceptable TLS version. It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. | `minVersion` | `string` -| Minimum acceptable TLS version. +| minVersion defines the minimum acceptable TLS version. It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. | `serverName` | `string` -| Used to verify the hostname for the targets. +| serverName is used to verify the hostname for the targets. |=== === .spec.receivers[].pushoverConfigs[].httpConfig.oauth2.tlsConfig.ca Description:: + -- -Certificate authority used when verifying server certificates. +ca defines the Certificate authority used when verifying server certificates. -- Type:: @@ -8497,18 +8602,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].pushoverConfigs[].httpConfig.oauth2.tlsConfig.ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: 
@@ -8544,7 +8649,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -8580,7 +8685,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Client certificate to present when doing client-authentication. +cert defines the Client certificate to present when doing client-authentication. -- Type:: @@ -8595,18 +8700,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].pushoverConfigs[].httpConfig.oauth2.tlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -8642,7 +8747,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -8678,7 +8783,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the client key file for the targets. +keySecret defines the Secret containing the client key file for the targets. -- Type:: @@ -8714,7 +8819,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -ProxyConnectHeader optionally specifies headers to send to +proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. 
@@ -8779,7 +8884,8 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -TLS configuration for the client. +tlsConfig defines the TLS configuration for the client. +This includes settings for certificates, CA validation, and TLS protocol options. -- Type:: @@ -8794,42 +8900,42 @@ Type:: | `ca` | `object` -| Certificate authority used when verifying server certificates. +| ca defines the Certificate authority used when verifying server certificates. | `cert` | `object` -| Client certificate to present when doing client-authentication. +| cert defines the Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` -| Disable target certificate validation. +| insecureSkipVerify defines how to disable target certificate validation. | `keySecret` | `object` -| Secret containing the client key file for the targets. +| keySecret defines the Secret containing the client key file for the targets. | `maxVersion` | `string` -| Maximum acceptable TLS version. +| maxVersion defines the maximum acceptable TLS version. It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. | `minVersion` | `string` -| Minimum acceptable TLS version. +| minVersion defines the minimum acceptable TLS version. It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. | `serverName` | `string` -| Used to verify the hostname for the targets. +| serverName is used to verify the hostname for the targets. |=== === .spec.receivers[].pushoverConfigs[].httpConfig.tlsConfig.ca Description:: + -- -Certificate authority used when verifying server certificates. +ca defines the Certificate authority used when verifying server certificates. -- Type:: 
@@ -8844,18 +8950,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].pushoverConfigs[].httpConfig.tlsConfig.ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -8891,7 +8997,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -8927,7 +9033,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Client certificate to present when doing client-authentication. +cert defines the Client certificate to present when doing client-authentication. -- Type:: @@ -8942,18 +9048,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].pushoverConfigs[].httpConfig.tlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -8989,7 +9095,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: 
@@ -9025,7 +9131,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the client key file for the targets. +keySecret defines the Secret containing the client key file for the targets. -- Type:: @@ -9061,7 +9167,8 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -The secret's key that contains the registered application's API token, see https://pushover.net/apps. +token defines the secret's key that contains the registered application's API token. +See https://pushover.net/apps for application registration. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. Either `token` or `tokenFile` is required. @@ -9082,18 +9189,18 @@ Required:: | `key` | `string` -| The key of the secret to select from. Must be a valid secret key. +| key defines the key of the secret to select from. Must be a valid secret key. | `name` | `string` -| The name of the secret in the object's namespace to select from. +| name defines the name of the secret in the object's namespace to select from. |=== === .spec.receivers[].pushoverConfigs[].userKey Description:: + -- -The secret's key that contains the recipient user's user key. +userKey defines the secret's key that contains the recipient user's user key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. Either `userKey` or `userKeyFile` is required. 
@@ -9114,18 +9221,18 @@ Required:: | `key` | `string` -| The key of the secret to select from. Must be a valid secret key. +| key defines the key of the secret to select from. Must be a valid secret key. | `name` | `string` -| The name of the secret in the object's namespace to select from. +| name defines the name of the secret in the object's namespace to select from. |=== === .spec.receivers[].rocketchatConfigs Description:: + -- -List of RocketChat configurations. +rocketchatConfigs defines the list of RocketChat configurations. It requires Alertmanager >= 0.28.0. -- @@ -9158,7 +9265,8 @@ Required:: | `actions` | `array` -| Actions to include in the message. +| actions defines interactive actions to include in the message. +These appear as buttons that users can click to trigger responses. | `actions[]` | `object` @@ -9166,24 +9274,28 @@ Required:: | `apiURL` | `string` -| The API URL for RocketChat. +| apiURL defines the API URL for RocketChat. Defaults to https://open.rocket.chat/ if not specified. | `channel` | `string` -| The channel to send alerts to. +| channel defines the channel to send alerts to. +This can be a channel name (e.g., "#alerts") or a direct message recipient. | `color` | `string` -| The message color. +| color defines the message color displayed in RocketChat. +This appears as a colored bar alongside the message. | `emoji` | `string` -| If provided, the avatar will be displayed as an emoji. +| emoji defines the emoji to be displayed as an avatar. +If provided, this emoji will be used instead of the default avatar or iconURL. | `fields` | `array` -| Additional fields for the message. +| fields defines additional fields for the message attachment. +These appear as structured key-value pairs within the message. | `fields[]` | `object` 
@@ -9191,58 +9303,69 @@ Defaults to https://open.rocket.chat/ if not specified. | `httpConfig` | `object` -| HTTP client configuration. +| httpConfig defines the HTTP client configuration for RocketChat API requests. | `iconURL` | `string` -| Icon URL for the message. +| iconURL defines the icon URL for the message avatar. +This displays a custom image as the message sender's avatar. | `imageURL` | `string` -| Image URL for the message. +| imageURL defines the image URL to display within the message. +This embeds an image directly in the message attachment. | `linkNames` | `boolean` -| Whether to enable link names. +| linkNames defines whether to enable automatic linking of usernames and channels. +When true, @username and #channel references become clickable links. | `sendResolved` | `boolean` -| Whether to notify about resolved alerts. +| sendResolved defines whether or not to notify about resolved alerts. | `shortFields` | `boolean` -| Whether to use short fields. +| shortFields defines whether to use short fields in the message layout. +When true, fields may be displayed side by side to save space. | `text` | `string` -| The main message text. +| text defines the message text to send. +This is optional because attachments can be used instead of or alongside text. | `thumbURL` | `string` -| Thumbnail URL for the message. +| thumbURL defines the thumbnail URL for the message. +This displays a small thumbnail image alongside the message content. | `title` | `string` -| The message title. +| title defines the message title displayed prominently in the message. +This appears as bold text at the top of the message attachment. | `titleLink` | `string` -| The title link for the message. +| titleLink defines the URL that the title will link to when clicked. +This makes the message title clickable in the RocketChat interface. | `token` | `object` -| The sender token. +| token defines the sender token for RocketChat authentication. 
+This is the personal access token or bot token used to authenticate API requests. | `tokenID` | `object` -| The sender token ID. +| tokenID defines the sender token ID for RocketChat authentication. +This is the user ID associated with the token used for API requests. |=== === .spec.receivers[].rocketchatConfigs[].actions Description:: + -- -Actions to include in the message. +actions defines interactive actions to include in the message. +These appear as buttons that users can click to trigger responses. -- Type:: @@ -9270,22 +9393,26 @@ Type:: | `msg` | `string` -| The message to send when the button is clicked. +| msg defines the message to send when the button is clicked. +This allows the button to post a predefined message to the channel. | `text` | `string` -| The button text. +| text defines the button text displayed to users. +This is the label that appears on the interactive button. | `url` | `string` -| The URL the button links to. +| url defines the URL the button links to when clicked. +This creates a clickable button that opens the specified URL. |=== === .spec.receivers[].rocketchatConfigs[].fields Description:: + -- -Additional fields for the message. +fields defines additional fields for the message attachment. +These appear as structured key-value pairs within the message. -- Type:: 
@@ -9313,22 +9440,25 @@ Type:: | `short` | `boolean` -| Whether the field is displayed in a compact form. +| short defines whether this field should be a short field. +When true, the field may be displayed inline with other short fields to save space. | `title` | `string` -| The field title. +| title defines the title of this field. +This appears as bold text labeling the field content. | `value` | `string` -| The field value. +| value defines the value of this field, displayed underneath the title. +This contains the actual data or content for the field. |=== === .spec.receivers[].rocketchatConfigs[].httpConfig Description:: + -- -HTTP client configuration. +httpConfig defines the HTTP client configuration for RocketChat API requests. -- Type:: 
@@ -9343,28 +9473,33 @@ Type:: | `authorization` | `object` -| Authorization header configuration for the client. +| authorization defines the authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. | `basicAuth` | `object` -| BasicAuth for the client. +| basicAuth defines the basic authentication credentials for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. | `bearerTokenSecret` | `object` -| The secret's key that contains the bearer token to be used by the client +| bearerTokenSecret defines the secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +| `enableHttp2` +| `boolean` +| enableHttp2 can be used to disable HTTP2. + | `followRedirects` | `boolean` -| FollowRedirects specifies whether the client should follow HTTP 3xx redirects. +| followRedirects defines whether HTTP requests follow HTTP 3xx redirects. +When true, the client will automatically follow redirect responses. | `noProxy` | `string` -| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names +| noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. 
@@ -9372,11 +9507,12 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `oauth2` | `object` -| OAuth2 client credentials used to fetch a token for the targets. +| oauth2 defines the OAuth2 client credentials used to fetch a token for the targets. +This enables OAuth2 authentication flow for HTTP requests. | `proxyConnectHeader` | `object` -| ProxyConnectHeader optionally specifies headers to send to +| proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -9391,30 +9527,30 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyFromEnvironment` | `boolean` -| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). +| proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyURL` | `string` -| Optional proxy URL. - +| proxyURL defines an optional proxy URL for HTTP requests. If defined, this field takes precedence over `proxyUrl`. | `proxyUrl` | `string` -| `proxyURL` defines the HTTP proxy server to use. +| proxyUrl defines the HTTP proxy server to use. | `tlsConfig` | `object` -| TLS configuration for the client. +| tlsConfig defines the TLS configuration for the client. +This includes settings for certificates, CA validation, and TLS protocol options. |=== === .spec.receivers[].rocketchatConfigs[].httpConfig.authorization Description:: + -- -Authorization header configuration for the client. +authorization defines the authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. -- 
@@ -9430,11 +9566,11 @@ Type:: | `credentials` | `object` -| Selects a key of a Secret in the namespace that contains the credentials for authentication. +| credentials defines a key of a Secret in the namespace that contains the credentials for authentication. | `type` | `string` -| Defines the authentication type. The value is case-insensitive. +| type defines the authentication type. The value is case-insensitive. "Basic" is not a supported value. @@ -9445,7 +9581,7 @@ Default: "Bearer" Description:: + -- -Selects a key of a Secret in the namespace that contains the credentials for authentication. +credentials defines a key of a Secret in the namespace that contains the credentials for authentication. -- Type:: @@ -9481,7 +9617,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -BasicAuth for the client. +basicAuth defines the basic authentication credentials for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. -- @@ -9497,12 +9633,12 @@ Type:: | `password` | `object` -| `password` specifies a key of a Secret containing the password for +| password defines a key of a Secret containing the password for authentication. | `username` | `object` -| `username` specifies a key of a Secret containing the username for +| username defines a key of a Secret containing the username for authentication. |=== @@ -9510,7 +9646,7 @@ authentication. Description:: + -- -`password` specifies a key of a Secret containing the password for +password defines a key of a Secret containing the password for authentication. -- @@ -9547,7 +9683,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`username` specifies a key of a Secret containing the username for +username defines a key of a Secret containing the username for authentication. -- 
@@ -9584,7 +9720,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -The secret's key that contains the bearer token to be used by the client +bearerTokenSecret defines the secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. @@ -9605,18 +9741,19 @@ Required:: | `key` | `string` -| The key of the secret to select from. Must be a valid secret key. +| key defines the key of the secret to select from. Must be a valid secret key. | `name` | `string` -| The name of the secret in the object's namespace to select from. +| name defines the name of the secret in the object's namespace to select from. |=== === .spec.receivers[].rocketchatConfigs[].httpConfig.oauth2 Description:: + -- -OAuth2 client credentials used to fetch a token for the targets. +oauth2 defines the OAuth2 client credentials used to fetch a token for the targets. +This enables OAuth2 authentication flow for HTTP requests. -- Type:: @@ -9635,22 +9772,22 @@ Required:: | `clientId` | `object` -| `clientId` specifies a key of a Secret or ConfigMap containing the +| clientId defines a key of a Secret or ConfigMap containing the OAuth2 client's ID. | `clientSecret` | `object` -| `clientSecret` specifies a key of a Secret containing the OAuth2 +| clientSecret defines a key of a Secret containing the OAuth2 client's secret. | `endpointParams` | `object (string)` -| `endpointParams` configures the HTTP parameters to append to the token +| endpointParams configures the HTTP parameters to append to the token URL. | `noProxy` | `string` -| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names +| noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. 
@@ -9658,7 +9795,7 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyConnectHeader` | `object` -| ProxyConnectHeader optionally specifies headers to send to +| proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -9673,33 +9810,33 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyFromEnvironment` | `boolean` -| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). +| proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyUrl` | `string` -| `proxyURL` defines the HTTP proxy server to use. +| proxyUrl defines the HTTP proxy server to use. | `scopes` | `array (string)` -| `scopes` defines the OAuth2 scopes used for the token request. +| scopes defines the OAuth2 scopes used for the token request. | `tlsConfig` | `object` -| TLS configuration to use when connecting to the OAuth2 server. +| tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. It requires Prometheus >= v2.43.0. | `tokenUrl` | `string` -| `tokenURL` configures the URL to fetch the token from. +| tokenUrl defines the URL to fetch the token from. |=== === .spec.receivers[].rocketchatConfigs[].httpConfig.oauth2.clientId Description:: + -- -`clientId` specifies a key of a Secret or ConfigMap containing the +clientId defines a key of a Secret or ConfigMap containing the OAuth2 client's ID. -- 
@@ -9715,18 +9852,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].rocketchatConfigs[].httpConfig.oauth2.clientId.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -9762,7 +9899,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -9798,7 +9935,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`clientSecret` specifies a key of a Secret containing the OAuth2 +clientSecret defines a key of a Secret containing the OAuth2 client's secret. -- @@ -9835,7 +9972,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -ProxyConnectHeader optionally specifies headers to send to +proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -9900,7 +10037,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -TLS configuration to use when connecting to the OAuth2 server. +tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. It requires Prometheus >= v2.43.0. -- 
@@ -9916,42 +10053,42 @@ Type:: | `ca` | `object` -| Certificate authority used when verifying server certificates. +| ca defines the Certificate authority used when verifying server certificates. | `cert` | `object` -| Client certificate to present when doing client-authentication. +| cert defines the Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` -| Disable target certificate validation. +| insecureSkipVerify defines how to disable target certificate validation. | `keySecret` | `object` -| Secret containing the client key file for the targets. +| keySecret defines the Secret containing the client key file for the targets. | `maxVersion` | `string` -| Maximum acceptable TLS version. +| maxVersion defines the maximum acceptable TLS version. It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. | `minVersion` | `string` -| Minimum acceptable TLS version. +| minVersion defines the minimum acceptable TLS version. It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. | `serverName` | `string` -| Used to verify the hostname for the targets. +| serverName is used to verify the hostname for the targets. |=== === .spec.receivers[].rocketchatConfigs[].httpConfig.oauth2.tlsConfig.ca Description:: + -- -Certificate authority used when verifying server certificates. +ca defines the Certificate authority used when verifying server certificates. -- Type:: @@ -9966,18 +10103,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].rocketchatConfigs[].httpConfig.oauth2.tlsConfig.ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: 
@@ -10013,7 +10150,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -10049,7 +10186,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Client certificate to present when doing client-authentication. +cert defines the Client certificate to present when doing client-authentication. -- Type:: @@ -10064,18 +10201,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].rocketchatConfigs[].httpConfig.oauth2.tlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -10111,7 +10248,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -10147,7 +10284,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the client key file for the targets. +keySecret defines the Secret containing the client key file for the targets. -- Type:: @@ -10183,7 +10320,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -ProxyConnectHeader optionally specifies headers to send to +proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. 
@@ -10248,7 +10385,8 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -TLS configuration for the client. +tlsConfig defines the TLS configuration for the client. +This includes settings for certificates, CA validation, and TLS protocol options. -- Type:: @@ -10263,42 +10401,42 @@ Type:: | `ca` | `object` -| Certificate authority used when verifying server certificates. +| ca defines the Certificate authority used when verifying server certificates. | `cert` | `object` -| Client certificate to present when doing client-authentication. +| cert defines the Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` -| Disable target certificate validation. +| insecureSkipVerify defines how to disable target certificate validation. | `keySecret` | `object` -| Secret containing the client key file for the targets. +| keySecret defines the Secret containing the client key file for the targets. | `maxVersion` | `string` -| Maximum acceptable TLS version. +| maxVersion defines the maximum acceptable TLS version. It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. | `minVersion` | `string` -| Minimum acceptable TLS version. +| minVersion defines the minimum acceptable TLS version. It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. | `serverName` | `string` -| Used to verify the hostname for the targets. +| serverName is used to verify the hostname for the targets. |=== === .spec.receivers[].rocketchatConfigs[].httpConfig.tlsConfig.ca Description:: + -- -Certificate authority used when verifying server certificates. +ca defines the Certificate authority used when verifying server certificates. -- Type:: 
@@ -10313,18 +10451,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].rocketchatConfigs[].httpConfig.tlsConfig.ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -10360,7 +10498,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -10396,7 +10534,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Client certificate to present when doing client-authentication. +cert defines the Client certificate to present when doing client-authentication. -- Type:: @@ -10411,18 +10549,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].rocketchatConfigs[].httpConfig.tlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -10458,7 +10596,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: 
@@ -10494,7 +10632,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the client key file for the targets. +keySecret defines the Secret containing the client key file for the targets. -- Type:: @@ -10530,7 +10668,8 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -The sender token. +token defines the sender token for RocketChat authentication. +This is the personal access token or bot token used to authenticate API requests. -- Type:: @@ -10566,7 +10705,8 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -The sender token ID. +tokenID defines the sender token ID for RocketChat authentication. +This is the user ID associated with the token used for API requests. -- Type:: @@ -10602,7 +10742,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -List of Slack configurations. +slackConfigs defines the list of Slack configurations. -- Type:: @@ -10631,7 +10771,7 @@ Type:: | `actions` | `array` -| A list of Slack actions that are sent with each notification. +| actions defines a list of Slack actions that are sent with each notification. | `actions[]` | `object` 
@@ -10642,29 +10782,30 @@ https://api.slack.com/docs/message-buttons for more information. | `apiURL` | `object` -| The secret's key that contains the Slack webhook URL. +| apiURL defines the secret's key that contains the Slack webhook URL. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. | `callbackId` | `string` -| +| callbackId defines an identifier for the message used in interactive components. | `channel` | `string` -| The channel or user to send notifications to. +| channel defines the channel or user to send notifications to. | `color` | `string` -| +| color defines the color of the left border of the Slack message attachment. +Can be a hex color code (e.g., "#ff0000") or a predefined color name. | `fallback` | `string` -| +| fallback defines a plain-text summary of the attachment for clients that don't support attachments. | `fields` | `array` -| A list of Slack fields that are sent with each notification. +| fields defines a list of Slack fields that are sent with each notification. | `fields[]` | `object` 
@@ -10675,70 +10816,74 @@ See https://api.slack.com/docs/message-attachments#fields for more information. | `footer` | `string` -| +| footer defines small text displayed at the bottom of the message attachment. | `httpConfig` | `object` -| HTTP client configuration. +| httpConfig defines the HTTP client configuration. | `iconEmoji` | `string` -| +| iconEmoji defines the emoji to use as the bot's avatar (e.g., ":ghost:"). | `iconURL` | `string` -| +| iconURL defines the URL to an image to use as the bot's avatar. | `imageURL` | `string` -| +| imageURL defines the URL to an image file that will be displayed inside the message attachment. | `linkNames` | `boolean` -| +| linkNames enables automatic linking of channel names and usernames in the message. +When true, @channel and @username will be converted to clickable links. | `mrkdwnIn` | `array (string)` -| +| mrkdwnIn defines which fields should be parsed as Slack markdown. +Valid values include "pretext", "text", and "fields". | `pretext` | `string` -| +| pretext defines optional text that appears above the message attachment block. | `sendResolved` | `boolean` -| Whether or not to notify about resolved alerts. +| sendResolved defines whether or not to notify about resolved alerts. | `shortFields` | `boolean` -| +| shortFields determines whether fields are displayed in a compact format. +When true, fields are shown side by side when possible. | `text` | `string` -| +| text defines the main text content of the Slack message attachment. | `thumbURL` | `string` -| +| thumbURL defines the URL to an image file that will be displayed as a thumbnail +on the right side of the message attachment. | `title` | `string` -| +| title defines the title text displayed in the Slack message attachment. | `titleLink` | `string` -| +| titleLink defines the URL that the title will link to when clicked. | `username` | `string` -| +| username defines the slack bot user name. 
|=== === .spec.receivers[].slackConfigs[].actions Description:: + -- -A list of Slack actions that are sent with each notification. +actions defines a list of Slack actions that are sent with each notification. -- Type:: 
@@ -10772,46 +10917,46 @@ Required:: | `confirm` | `object` -| SlackConfirmationField protect users from destructive actions or -particularly distinguished decisions by asking them to confirm their button -click one more time. -See https://api.slack.com/docs/interactive-message-field-guide#confirmation_fields -for more information. +| confirm defines an optional confirmation dialog that appears before the action is executed. +When set, users must confirm their intent before the action proceeds. | `name` | `string` -| +| name defines a unique identifier for the action within the message. +This value is sent back to your application when the action is triggered. | `style` | `string` -| +| style defines the visual appearance of the action element. +Valid values include "default", "primary" (green), and "danger" (red). | `text` | `string` -| +| text defines the user-visible label displayed on the action element. +For buttons, this is the button text. For select menus, this is the placeholder text. | `type` | `string` -| +| type defines the type of interactive component. +Common values include "button" for clickable buttons and "select" for dropdown menus. | `url` | `string` -| +| url defines the URL to open when the action is triggered. +Only applicable for button-type actions. When set, clicking the button opens this URL. | `value` | `string` -| +| value defines the payload sent when the action is triggered. +This data is included in the callback sent to your application. |=== === .spec.receivers[].slackConfigs[].actions[].confirm Description:: + -- -SlackConfirmationField protect users from destructive actions or -particularly distinguished decisions by asking them to confirm their button -click one more time. -See https://api.slack.com/docs/interactive-message-field-guide#confirmation_fields -for more information. +confirm defines an optional confirmation dialog that appears before the action is executed. 
+When set, users must confirm their intent before the action proceeds. -- Type:: @@ -10828,26 +10973,30 @@ Required:: | `dismissText` | `string` -| +| dismissText defines the label for the cancel button in the dialog. +When not specified, defaults to "Cancel". This button cancels the action. | `okText` | `string` -| +| okText defines the label for the confirmation button in the dialog. +When not specified, defaults to "Okay". This button proceeds with the action. | `text` | `string` -| +| text defines the main message displayed in the confirmation dialog. +This should be a clear question or statement asking the user to confirm their action. | `title` | `string` -| +| title defines the title text displayed at the top of the confirmation dialog. +When not specified, a default title will be used. |=== === .spec.receivers[].slackConfigs[].apiURL Description:: + -- -The secret's key that contains the Slack webhook URL. +apiURL defines the secret's key that contains the Slack webhook URL. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. -- @@ -10867,18 +11016,18 @@ Required:: | `key` | `string` -| The key of the secret to select from. Must be a valid secret key. +| key defines the key of the secret to select from. Must be a valid secret key. | `name` | `string` -| The name of the secret in the object's namespace to select from. +| name defines the name of the secret in the object's namespace to select from. |=== === .spec.receivers[].slackConfigs[].fields Description:: + -- -A list of Slack fields that are sent with each notification. +fields defines a list of Slack fields that are sent with each notification. -- Type:: 
@@ -10912,22 +11061,26 @@ Required:: | `short` | `boolean` -| +| short determines whether this field can be displayed alongside other short fields. +When true, Slack may display this field side by side with other short fields. +When false or not specified, the field takes the full width of the message. | `title` | `string` -| +| title defines the label or header text displayed for this field. +This appears as bold text above the field value in the Slack message. | `value` | `string` -| +| value defines the content or data displayed for this field. +This appears below the title and can contain plain text or Slack markdown. |=== === .spec.receivers[].slackConfigs[].httpConfig Description:: + -- -HTTP client configuration. +httpConfig defines the HTTP client configuration. -- Type:: 
@@ -10942,28 +11095,33 @@ Type:: | `authorization` | `object` -| Authorization header configuration for the client. +| authorization defines the authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. | `basicAuth` | `object` -| BasicAuth for the client. +| basicAuth defines the basic authentication credentials for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. | `bearerTokenSecret` | `object` -| The secret's key that contains the bearer token to be used by the client +| bearerTokenSecret defines the secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +| `enableHttp2` +| `boolean` +| enableHttp2 can be used to disable HTTP2. + | `followRedirects` | `boolean` -| FollowRedirects specifies whether the client should follow HTTP 3xx redirects. +| followRedirects defines whether HTTP requests follow HTTP 3xx redirects. +When true, the client will automatically follow redirect responses. | `noProxy` | `string` -| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names +| noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. 
@@ -10971,11 +11129,12 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `oauth2` | `object` -| OAuth2 client credentials used to fetch a token for the targets. +| oauth2 defines the OAuth2 client credentials used to fetch a token for the targets. +This enables OAuth2 authentication flow for HTTP requests. | `proxyConnectHeader` | `object` -| ProxyConnectHeader optionally specifies headers to send to +| proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -10990,30 +11149,30 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyFromEnvironment` | `boolean` -| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). +| proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyURL` | `string` -| Optional proxy URL. - +| proxyURL defines an optional proxy URL for HTTP requests. If defined, this field takes precedence over `proxyUrl`. | `proxyUrl` | `string` -| `proxyURL` defines the HTTP proxy server to use. +| proxyUrl defines the HTTP proxy server to use. | `tlsConfig` | `object` -| TLS configuration for the client. +| tlsConfig defines the TLS configuration for the client. +This includes settings for certificates, CA validation, and TLS protocol options. |=== === .spec.receivers[].slackConfigs[].httpConfig.authorization Description:: + -- -Authorization header configuration for the client. +authorization defines the authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. -- 
@@ -11029,11 +11188,11 @@ Type:: | `credentials` | `object` -| Selects a key of a Secret in the namespace that contains the credentials for authentication. +| credentials defines a key of a Secret in the namespace that contains the credentials for authentication. | `type` | `string` -| Defines the authentication type. The value is case-insensitive. +| type defines the authentication type. The value is case-insensitive. "Basic" is not a supported value. @@ -11044,7 +11203,7 @@ Default: "Bearer" Description:: + -- -Selects a key of a Secret in the namespace that contains the credentials for authentication. +credentials defines a key of a Secret in the namespace that contains the credentials for authentication. -- Type:: @@ -11080,7 +11239,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -BasicAuth for the client. +basicAuth defines the basic authentication credentials for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. -- @@ -11096,12 +11255,12 @@ Type:: | `password` | `object` -| `password` specifies a key of a Secret containing the password for +| password defines a key of a Secret containing the password for authentication. | `username` | `object` -| `username` specifies a key of a Secret containing the username for +| username defines a key of a Secret containing the username for authentication. |=== @@ -11109,7 +11268,7 @@ authentication. Description:: + -- -`password` specifies a key of a Secret containing the password for +password defines a key of a Secret containing the password for authentication. -- @@ -11146,7 +11305,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`username` specifies a key of a Secret containing the username for +username defines a key of a Secret containing the username for authentication. -- 
@@ -11183,7 +11342,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -The secret's key that contains the bearer token to be used by the client +bearerTokenSecret defines the secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. @@ -11204,18 +11363,19 @@ Required:: | `key` | `string` -| The key of the secret to select from. Must be a valid secret key. +| key defines the key of the secret to select from. Must be a valid secret key. | `name` | `string` -| The name of the secret in the object's namespace to select from. +| name defines the name of the secret in the object's namespace to select from. |=== === .spec.receivers[].slackConfigs[].httpConfig.oauth2 Description:: + -- -OAuth2 client credentials used to fetch a token for the targets. +oauth2 defines the OAuth2 client credentials used to fetch a token for the targets. +This enables OAuth2 authentication flow for HTTP requests. -- Type:: @@ -11234,22 +11394,22 @@ Required:: | `clientId` | `object` -| `clientId` specifies a key of a Secret or ConfigMap containing the +| clientId defines a key of a Secret or ConfigMap containing the OAuth2 client's ID. | `clientSecret` | `object` -| `clientSecret` specifies a key of a Secret containing the OAuth2 +| clientSecret defines a key of a Secret containing the OAuth2 client's secret. | `endpointParams` | `object (string)` -| `endpointParams` configures the HTTP parameters to append to the token +| endpointParams configures the HTTP parameters to append to the token URL. | `noProxy` | `string` -| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names +| noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. 
@@ -11257,7 +11417,7 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyConnectHeader` | `object` -| ProxyConnectHeader optionally specifies headers to send to +| proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -11272,33 +11432,33 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyFromEnvironment` | `boolean` -| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). +| proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyUrl` | `string` -| `proxyURL` defines the HTTP proxy server to use. +| proxyUrl defines the HTTP proxy server to use. | `scopes` | `array (string)` -| `scopes` defines the OAuth2 scopes used for the token request. +| scopes defines the OAuth2 scopes used for the token request. | `tlsConfig` | `object` -| TLS configuration to use when connecting to the OAuth2 server. +| tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. It requires Prometheus >= v2.43.0. | `tokenUrl` | `string` -| `tokenURL` configures the URL to fetch the token from. +| tokenUrl defines the URL to fetch the token from. |=== === .spec.receivers[].slackConfigs[].httpConfig.oauth2.clientId Description:: + -- -`clientId` specifies a key of a Secret or ConfigMap containing the +clientId defines a key of a Secret or ConfigMap containing the OAuth2 client's ID. -- 
@@ -11314,18 +11474,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].slackConfigs[].httpConfig.oauth2.clientId.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -11361,7 +11521,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -11397,7 +11557,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`clientSecret` specifies a key of a Secret containing the OAuth2 +clientSecret defines a key of a Secret containing the OAuth2 client's secret. -- @@ -11434,7 +11594,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -ProxyConnectHeader optionally specifies headers to send to +proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -11499,7 +11659,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -TLS configuration to use when connecting to the OAuth2 server. +tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. It requires Prometheus >= v2.43.0. -- 
@@ -11515,42 +11675,42 @@ Type:: | `ca` | `object` -| Certificate authority used when verifying server certificates. +| ca defines the Certificate authority used when verifying server certificates. | `cert` | `object` -| Client certificate to present when doing client-authentication. +| cert defines the Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` -| Disable target certificate validation. +| insecureSkipVerify defines how to disable target certificate validation. | `keySecret` | `object` -| Secret containing the client key file for the targets. +| keySecret defines the Secret containing the client key file for the targets. | `maxVersion` | `string` -| Maximum acceptable TLS version. +| maxVersion defines the maximum acceptable TLS version. It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. | `minVersion` | `string` -| Minimum acceptable TLS version. +| minVersion defines the minimum acceptable TLS version. It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. | `serverName` | `string` -| Used to verify the hostname for the targets. +| serverName is used to verify the hostname for the targets. |=== === .spec.receivers[].slackConfigs[].httpConfig.oauth2.tlsConfig.ca Description:: + -- -Certificate authority used when verifying server certificates. +ca defines the Certificate authority used when verifying server certificates. -- Type:: @@ -11565,18 +11725,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].slackConfigs[].httpConfig.oauth2.tlsConfig.ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: 
@@ -11612,7 +11772,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -11648,7 +11808,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Client certificate to present when doing client-authentication. +cert defines the Client certificate to present when doing client-authentication. -- Type:: @@ -11663,18 +11823,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].slackConfigs[].httpConfig.oauth2.tlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -11710,7 +11870,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -11746,7 +11906,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the client key file for the targets. +keySecret defines the Secret containing the client key file for the targets. -- Type:: @@ -11782,7 +11942,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -ProxyConnectHeader optionally specifies headers to send to +proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. 
@@ -11847,7 +12007,8 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -TLS configuration for the client. +tlsConfig defines the TLS configuration for the client. +This includes settings for certificates, CA validation, and TLS protocol options. -- Type:: @@ -11862,42 +12023,42 @@ Type:: | `ca` | `object` -| Certificate authority used when verifying server certificates. +| ca defines the Certificate authority used when verifying server certificates. | `cert` | `object` -| Client certificate to present when doing client-authentication. +| cert defines the Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` -| Disable target certificate validation. +| insecureSkipVerify defines how to disable target certificate validation. | `keySecret` | `object` -| Secret containing the client key file for the targets. +| keySecret defines the Secret containing the client key file for the targets. | `maxVersion` | `string` -| Maximum acceptable TLS version. +| maxVersion defines the maximum acceptable TLS version. It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. | `minVersion` | `string` -| Minimum acceptable TLS version. +| minVersion defines the minimum acceptable TLS version. It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. | `serverName` | `string` -| Used to verify the hostname for the targets. +| serverName is used to verify the hostname for the targets. |=== === .spec.receivers[].slackConfigs[].httpConfig.tlsConfig.ca Description:: + -- -Certificate authority used when verifying server certificates. +ca defines the Certificate authority used when verifying server certificates. -- Type:: 
@@ -11912,18 +12073,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].slackConfigs[].httpConfig.tlsConfig.ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -11959,7 +12120,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -11995,7 +12156,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Client certificate to present when doing client-authentication. +cert defines the Client certificate to present when doing client-authentication. -- Type:: @@ -12010,18 +12171,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].slackConfigs[].httpConfig.tlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -12057,7 +12218,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: 
@@ -12093,7 +12254,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the client key file for the targets. +keySecret defines the Secret containing the client key file for the targets. -- Type:: @@ -12129,7 +12290,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -List of SNS configurations +snsConfigs defines the list of SNS configurations -- Type:: 
@@ -12158,46 +12319,50 @@ Type:: | `apiURL` | `string` -| The SNS API URL i.e. https://sns.us-east-2.amazonaws.com. +| apiURL defines the SNS API URL, e.g. https://sns.us-east-2.amazonaws.com. If not specified, the SNS API URL from the SNS SDK will be used. | `attributes` | `object (string)` -| SNS message attributes. +| attributes defines SNS message attributes as key-value pairs. +These provide additional metadata that can be used for message filtering and routing. | `httpConfig` | `object` -| HTTP client configuration. +| httpConfig defines the HTTP client configuration for SNS API requests. | `message` | `string` -| The message content of the SNS notification. +| message defines the message content of the SNS notification. +This is the actual notification text that will be sent to subscribers. | `phoneNumber` | `string` -| Phone number if message is delivered via SMS in E.164 format. +| phoneNumber defines the phone number if message is delivered via SMS in E.164 format. If you don't specify this value, you must specify a value for the TopicARN or TargetARN. | `sendResolved` | `boolean` -| Whether or not to notify about resolved alerts. +| sendResolved defines whether or not to notify about resolved alerts. | `sigv4` | `object` -| Configures AWS's Signature Verification 4 signing process to sign requests. +| sigv4 configures AWS's Signature Verification 4 signing process to sign requests. +This includes AWS credentials and region configuration for authentication. | `subject` | `string` -| Subject line when the message is delivered to email endpoints. +| subject defines the subject line when the message is delivered to email endpoints. +This field is only used when sending to email subscribers of an SNS topic. | `targetARN` | `string` -| The mobile platform endpoint ARN if message is delivered via mobile notifications. -If you don't specify this value, you must specify a value for the topic_arn or PhoneNumber. 
+| targetARN defines the mobile platform endpoint ARN if message is delivered via mobile notifications. +If you don't specify this value, you must specify a value for the TopicARN or PhoneNumber. | `topicARN` | `string` -| SNS topic ARN, i.e. arn:aws:sns:us-east-2:698519295917:My-Topic +| topicARN defines the SNS topic ARN, e.g. arn:aws:sns:us-east-2:698519295917:My-Topic. If you don't specify this value, you must specify a value for the PhoneNumber or TargetARN. |=== @@ -12205,7 +12370,7 @@ If you don't specify this value, you must specify a value for the PhoneNumber or Description:: + -- -HTTP client configuration. +httpConfig defines the HTTP client configuration for SNS API requests. -- Type:: 
@@ -12220,28 +12385,33 @@ Type:: | `authorization` | `object` -| Authorization header configuration for the client. +| authorization defines the authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. | `basicAuth` | `object` -| BasicAuth for the client. +| basicAuth defines the basic authentication credentials for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. | `bearerTokenSecret` | `object` -| The secret's key that contains the bearer token to be used by the client +| bearerTokenSecret defines the secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +| `enableHttp2` +| `boolean` +| enableHttp2 can be used to disable HTTP2. + | `followRedirects` | `boolean` -| FollowRedirects specifies whether the client should follow HTTP 3xx redirects. +| followRedirects defines whether HTTP requests follow HTTP 3xx redirects. +When true, the client will automatically follow redirect responses. | `noProxy` | `string` -| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names +| noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. 
@@ -12249,11 +12419,12 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `oauth2` | `object` -| OAuth2 client credentials used to fetch a token for the targets. +| oauth2 defines the OAuth2 client credentials used to fetch a token for the targets. +This enables OAuth2 authentication flow for HTTP requests. | `proxyConnectHeader` | `object` -| ProxyConnectHeader optionally specifies headers to send to +| proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -12268,30 +12439,30 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyFromEnvironment` | `boolean` -| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). +| proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyURL` | `string` -| Optional proxy URL. - +| proxyURL defines an optional proxy URL for HTTP requests. If defined, this field takes precedence over `proxyUrl`. | `proxyUrl` | `string` -| `proxyURL` defines the HTTP proxy server to use. +| proxyUrl defines the HTTP proxy server to use. | `tlsConfig` | `object` -| TLS configuration for the client. +| tlsConfig defines the TLS configuration for the client. +This includes settings for certificates, CA validation, and TLS protocol options. |=== === .spec.receivers[].snsConfigs[].httpConfig.authorization Description:: + -- -Authorization header configuration for the client. +authorization defines the authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. -- 
@@ -12307,11 +12478,11 @@ Type:: | `credentials` | `object` -| Selects a key of a Secret in the namespace that contains the credentials for authentication. +| credentials defines a key of a Secret in the namespace that contains the credentials for authentication. | `type` | `string` -| Defines the authentication type. The value is case-insensitive. +| type defines the authentication type. The value is case-insensitive. "Basic" is not a supported value. @@ -12322,7 +12493,7 @@ Default: "Bearer" Description:: + -- -Selects a key of a Secret in the namespace that contains the credentials for authentication. +credentials defines a key of a Secret in the namespace that contains the credentials for authentication. -- Type:: @@ -12358,7 +12529,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -BasicAuth for the client. +basicAuth defines the basic authentication credentials for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. -- @@ -12374,12 +12545,12 @@ Type:: | `password` | `object` -| `password` specifies a key of a Secret containing the password for +| password defines a key of a Secret containing the password for authentication. | `username` | `object` -| `username` specifies a key of a Secret containing the username for +| username defines a key of a Secret containing the username for authentication. |=== @@ -12387,7 +12558,7 @@ authentication. Description:: + -- -`password` specifies a key of a Secret containing the password for +password defines a key of a Secret containing the password for authentication. -- @@ -12424,7 +12595,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`username` specifies a key of a Secret containing the username for +username defines a key of a Secret containing the username for authentication. -- 
@@ -12461,7 +12632,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -The secret's key that contains the bearer token to be used by the client +bearerTokenSecret defines the secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. @@ -12482,18 +12653,19 @@ Required:: | `key` | `string` -| The key of the secret to select from. Must be a valid secret key. +| key defines the key of the secret to select from. Must be a valid secret key. | `name` | `string` -| The name of the secret in the object's namespace to select from. +| name defines the name of the secret in the object's namespace to select from. |=== === .spec.receivers[].snsConfigs[].httpConfig.oauth2 Description:: + -- -OAuth2 client credentials used to fetch a token for the targets. +oauth2 defines the OAuth2 client credentials used to fetch a token for the targets. +This enables OAuth2 authentication flow for HTTP requests. -- Type:: @@ -12512,22 +12684,22 @@ Required:: | `clientId` | `object` -| `clientId` specifies a key of a Secret or ConfigMap containing the +| clientId defines a key of a Secret or ConfigMap containing the OAuth2 client's ID. | `clientSecret` | `object` -| `clientSecret` specifies a key of a Secret containing the OAuth2 +| clientSecret defines a key of a Secret containing the OAuth2 client's secret. | `endpointParams` | `object (string)` -| `endpointParams` configures the HTTP parameters to append to the token +| endpointParams configures the HTTP parameters to append to the token URL. | `noProxy` | `string` -| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names +| noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. 
@@ -12535,7 +12707,7 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyConnectHeader` | `object` -| ProxyConnectHeader optionally specifies headers to send to +| proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -12550,33 +12722,33 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyFromEnvironment` | `boolean` -| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). +| proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyUrl` | `string` -| `proxyURL` defines the HTTP proxy server to use. +| proxyUrl defines the HTTP proxy server to use. | `scopes` | `array (string)` -| `scopes` defines the OAuth2 scopes used for the token request. +| scopes defines the OAuth2 scopes used for the token request. | `tlsConfig` | `object` -| TLS configuration to use when connecting to the OAuth2 server. +| tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. It requires Prometheus >= v2.43.0. | `tokenUrl` | `string` -| `tokenURL` configures the URL to fetch the token from. +| tokenUrl defines the URL to fetch the token from. |=== === .spec.receivers[].snsConfigs[].httpConfig.oauth2.clientId Description:: + -- -`clientId` specifies a key of a Secret or ConfigMap containing the +clientId defines a key of a Secret or ConfigMap containing the OAuth2 client's ID. -- 
@@ -12592,18 +12764,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].snsConfigs[].httpConfig.oauth2.clientId.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -12639,7 +12811,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -12675,7 +12847,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`clientSecret` specifies a key of a Secret containing the OAuth2 +clientSecret defines a key of a Secret containing the OAuth2 client's secret. -- @@ -12712,7 +12884,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -ProxyConnectHeader optionally specifies headers to send to +proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -12777,7 +12949,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -TLS configuration to use when connecting to the OAuth2 server. +tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. It requires Prometheus >= v2.43.0. -- 
@@ -12793,42 +12965,42 @@ Type:: | `ca` | `object` -| Certificate authority used when verifying server certificates. +| ca defines the Certificate authority used when verifying server certificates. | `cert` | `object` -| Client certificate to present when doing client-authentication. +| cert defines the Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` -| Disable target certificate validation. +| insecureSkipVerify defines how to disable target certificate validation. | `keySecret` | `object` -| Secret containing the client key file for the targets. +| keySecret defines the Secret containing the client key file for the targets. | `maxVersion` | `string` -| Maximum acceptable TLS version. +| maxVersion defines the maximum acceptable TLS version. It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. | `minVersion` | `string` -| Minimum acceptable TLS version. +| minVersion defines the minimum acceptable TLS version. It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. | `serverName` | `string` -| Used to verify the hostname for the targets. +| serverName is used to verify the hostname for the targets. |=== === .spec.receivers[].snsConfigs[].httpConfig.oauth2.tlsConfig.ca Description:: + -- -Certificate authority used when verifying server certificates. +ca defines the Certificate authority used when verifying server certificates. -- Type:: @@ -12843,18 +13015,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].snsConfigs[].httpConfig.oauth2.tlsConfig.ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: 
@@ -12890,7 +13062,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -12926,7 +13098,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Client certificate to present when doing client-authentication. +cert defines the Client certificate to present when doing client-authentication. -- Type:: @@ -12941,18 +13113,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].snsConfigs[].httpConfig.oauth2.tlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -12988,7 +13160,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -13024,7 +13196,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the client key file for the targets. +keySecret defines the Secret containing the client key file for the targets. -- Type:: @@ -13060,7 +13232,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -ProxyConnectHeader optionally specifies headers to send to +proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. 
@@ -13125,7 +13297,8 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -TLS configuration for the client. +tlsConfig defines the TLS configuration for the client. +This includes settings for certificates, CA validation, and TLS protocol options. -- Type:: @@ -13140,42 +13313,42 @@ Type:: | `ca` | `object` -| Certificate authority used when verifying server certificates. +| ca defines the Certificate authority used when verifying server certificates. | `cert` | `object` -| Client certificate to present when doing client-authentication. +| cert defines the Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` -| Disable target certificate validation. +| insecureSkipVerify defines how to disable target certificate validation. | `keySecret` | `object` -| Secret containing the client key file for the targets. +| keySecret defines the Secret containing the client key file for the targets. | `maxVersion` | `string` -| Maximum acceptable TLS version. +| maxVersion defines the maximum acceptable TLS version. It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. | `minVersion` | `string` -| Minimum acceptable TLS version. +| minVersion defines the minimum acceptable TLS version. It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. | `serverName` | `string` -| Used to verify the hostname for the targets. +| serverName is used to verify the hostname for the targets. |=== === .spec.receivers[].snsConfigs[].httpConfig.tlsConfig.ca Description:: + -- -Certificate authority used when verifying server certificates. +ca defines the Certificate authority used when verifying server certificates. -- Type:: 
@@ -13190,18 +13363,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].snsConfigs[].httpConfig.tlsConfig.ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -13237,7 +13410,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -13273,7 +13446,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Client certificate to present when doing client-authentication. +cert defines the Client certificate to present when doing client-authentication. -- Type:: @@ -13288,18 +13461,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].snsConfigs[].httpConfig.tlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -13335,7 +13508,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: 
@@ -13371,7 +13544,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the client key file for the targets. +keySecret defines the Secret containing the client key file for the targets. -- Type:: @@ -13407,7 +13580,8 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Configures AWS's Signature Verification 4 signing process to sign requests. +sigv4 configures AWS's Signature Verification 4 signing process to sign requests. +This includes AWS credentials and region configuration for authentication. -- Type:: @@ -13422,32 +13596,37 @@ Type:: | `accessKey` | `object` -| AccessKey is the AWS API key. If not specified, the environment variable +| accessKey defines the AWS API key. If not specified, the environment variable `AWS_ACCESS_KEY_ID` is used. | `profile` | `string` -| Profile is the named AWS profile used to authenticate. +| profile defines the named AWS profile used to authenticate. | `region` | `string` -| Region is the AWS region. If blank, the region from the default credentials chain used. +| region defines the AWS region. If blank, the region from the default credentials chain used. | `roleArn` | `string` -| RoleArn is the named AWS profile used to authenticate. +| roleArn defines the named AWS profile used to authenticate. | `secretKey` | `object` -| SecretKey is the AWS API secret. If not specified, the environment +| secretKey defines the AWS API secret. If not specified, the environment variable `AWS_SECRET_ACCESS_KEY` is used. +| `useFIPSSTSEndpoint` +| `boolean` +| useFIPSSTSEndpoint defines FIPS mode for AWS STS endpoint. +It requires Prometheus >= v2.54.0. + |=== === .spec.receivers[].snsConfigs[].sigv4.accessKey Description:: + -- -AccessKey is the AWS API key. If not specified, the environment variable +accessKey defines the AWS API key. If not specified, the environment variable `AWS_ACCESS_KEY_ID` is used. -- 
@@ -13484,7 +13663,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -SecretKey is the AWS API secret. If not specified, the environment +secretKey defines the AWS API secret. If not specified, the environment variable `AWS_SECRET_ACCESS_KEY` is used. -- @@ -13521,7 +13700,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -List of Telegram configurations. +telegramConfigs defines the list of Telegram configurations. -- Type:: 
@@ -13552,62 +13731,66 @@ Required:: | `apiURL` | `string` -| The Telegram API URL i.e. https://api.telegram.org. -If not specified, default API URL will be used. +| apiURL defines the Telegram API URL, e.g. https://api.telegram.org. +If not specified, the default Telegram API URL will be used. | `botToken` | `object` -| Telegram bot token. It is mutually exclusive with `botTokenFile`. +| botToken defines the Telegram bot token. It is mutually exclusive with `botTokenFile`. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. - Either `botToken` or `botTokenFile` is required. | `botTokenFile` | `string` -| File to read the Telegram bot token from. It is mutually exclusive with `botToken`. +| botTokenFile defines the file to read the Telegram bot token from. +It is mutually exclusive with `botToken`. Either `botToken` or `botTokenFile` is required. - It requires Alertmanager >= v0.26.0. | `chatID` | `integer` -| The Telegram chat ID. +| chatID defines the Telegram chat ID where messages will be sent. +This can be a user ID, group ID, or channel ID (with @ prefix for public channels). | `disableNotifications` | `boolean` -| Disable telegram notifications +| disableNotifications controls whether Telegram notifications are sent silently. +When true, users will receive the message without notification sounds. | `httpConfig` | `object` -| HTTP client configuration. +| httpConfig defines the HTTP client configuration for Telegram API requests. | `message` | `string` -| Message template +| message defines the message template for the Telegram notification. +This is the content that will be sent to the specified chat. | `messageThreadID` | `integer` -| The Telegram Group Topic ID. +| messageThreadID defines the Telegram Group Topic ID for threaded messages. +This allows sending messages to specific topics within Telegram groups. It requires Alertmanager >= 0.26.0. 
| `parseMode` | `string` -| Parse mode for telegram message +| parseMode defines the parse mode for telegram message formatting. +Valid values are "MarkdownV2", "Markdown", and "HTML". +This determines how text formatting is interpreted in the message. | `sendResolved` | `boolean` -| Whether to notify about resolved alerts. +| sendResolved defines whether or not to notify about resolved alerts. |=== === .spec.receivers[].telegramConfigs[].botToken Description:: + -- -Telegram bot token. It is mutually exclusive with `botTokenFile`. +botToken defines the Telegram bot token. It is mutually exclusive with `botTokenFile`. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. - Either `botToken` or `botTokenFile` is required. -- @@ -13626,18 +13809,18 @@ Required:: | `key` | `string` -| The key of the secret to select from. Must be a valid secret key. +| key defines the key of the secret to select from. Must be a valid secret key. | `name` | `string` -| The name of the secret in the object's namespace to select from. +| name defines the name of the secret in the object's namespace to select from. |=== === .spec.receivers[].telegramConfigs[].httpConfig Description:: + -- -HTTP client configuration. +httpConfig defines the HTTP client configuration for Telegram API requests. -- Type:: 
@@ -13652,28 +13835,33 @@ Type:: | `authorization` | `object` -| Authorization header configuration for the client. +| authorization defines the authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. | `basicAuth` | `object` -| BasicAuth for the client. +| basicAuth defines the basic authentication credentials for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. | `bearerTokenSecret` | `object` -| The secret's key that contains the bearer token to be used by the client +| bearerTokenSecret defines the secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +| `enableHttp2` +| `boolean` +| enableHttp2 can be used to disable HTTP2. + | `followRedirects` | `boolean` -| FollowRedirects specifies whether the client should follow HTTP 3xx redirects. +| followRedirects defines whether HTTP requests follow HTTP 3xx redirects. +When true, the client will automatically follow redirect responses. | `noProxy` | `string` -| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names +| noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. 
@@ -13681,11 +13869,12 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `oauth2` | `object` -| OAuth2 client credentials used to fetch a token for the targets. +| oauth2 defines the OAuth2 client credentials used to fetch a token for the targets. +This enables OAuth2 authentication flow for HTTP requests. | `proxyConnectHeader` | `object` -| ProxyConnectHeader optionally specifies headers to send to +| proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -13700,30 +13889,30 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyFromEnvironment` | `boolean` -| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). +| proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyURL` | `string` -| Optional proxy URL. - +| proxyURL defines an optional proxy URL for HTTP requests. If defined, this field takes precedence over `proxyUrl`. | `proxyUrl` | `string` -| `proxyURL` defines the HTTP proxy server to use. +| proxyUrl defines the HTTP proxy server to use. | `tlsConfig` | `object` -| TLS configuration for the client. +| tlsConfig defines the TLS configuration for the client. +This includes settings for certificates, CA validation, and TLS protocol options. |=== === .spec.receivers[].telegramConfigs[].httpConfig.authorization Description:: + -- -Authorization header configuration for the client. +authorization defines the authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. -- 
@@ -13739,11 +13928,11 @@ Type:: | `credentials` | `object` -| Selects a key of a Secret in the namespace that contains the credentials for authentication. +| credentials defines a key of a Secret in the namespace that contains the credentials for authentication. | `type` | `string` -| Defines the authentication type. The value is case-insensitive. +| type defines the authentication type. The value is case-insensitive. "Basic" is not a supported value. @@ -13754,7 +13943,7 @@ Default: "Bearer" Description:: + -- -Selects a key of a Secret in the namespace that contains the credentials for authentication. +credentials defines a key of a Secret in the namespace that contains the credentials for authentication. -- Type:: @@ -13790,7 +13979,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -BasicAuth for the client. +basicAuth defines the basic authentication credentials for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. -- @@ -13806,12 +13995,12 @@ Type:: | `password` | `object` -| `password` specifies a key of a Secret containing the password for +| password defines a key of a Secret containing the password for authentication. | `username` | `object` -| `username` specifies a key of a Secret containing the username for +| username defines a key of a Secret containing the username for authentication. |=== @@ -13819,7 +14008,7 @@ authentication. Description:: + -- -`password` specifies a key of a Secret containing the password for +password defines a key of a Secret containing the password for authentication. -- @@ -13856,7 +14045,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`username` specifies a key of a Secret containing the username for +username defines a key of a Secret containing the username for authentication. -- 
@@ -13893,7 +14082,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -The secret's key that contains the bearer token to be used by the client +bearerTokenSecret defines the secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. @@ -13914,18 +14103,19 @@ Required:: | `key` | `string` -| The key of the secret to select from. Must be a valid secret key. +| key defines the key of the secret to select from. Must be a valid secret key. | `name` | `string` -| The name of the secret in the object's namespace to select from. +| name defines the name of the secret in the object's namespace to select from. |=== === .spec.receivers[].telegramConfigs[].httpConfig.oauth2 Description:: + -- -OAuth2 client credentials used to fetch a token for the targets. +oauth2 defines the OAuth2 client credentials used to fetch a token for the targets. +This enables OAuth2 authentication flow for HTTP requests. -- Type:: @@ -13944,22 +14134,22 @@ Required:: | `clientId` | `object` -| `clientId` specifies a key of a Secret or ConfigMap containing the +| clientId defines a key of a Secret or ConfigMap containing the OAuth2 client's ID. | `clientSecret` | `object` -| `clientSecret` specifies a key of a Secret containing the OAuth2 +| clientSecret defines a key of a Secret containing the OAuth2 client's secret. | `endpointParams` | `object (string)` -| `endpointParams` configures the HTTP parameters to append to the token +| endpointParams configures the HTTP parameters to append to the token URL. | `noProxy` | `string` -| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names +| noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. 
@@ -13967,7 +14157,7 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyConnectHeader` | `object` -| ProxyConnectHeader optionally specifies headers to send to +| proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -13982,33 +14172,33 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyFromEnvironment` | `boolean` -| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). +| proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyUrl` | `string` -| `proxyURL` defines the HTTP proxy server to use. +| proxyUrl defines the HTTP proxy server to use. | `scopes` | `array (string)` -| `scopes` defines the OAuth2 scopes used for the token request. +| scopes defines the OAuth2 scopes used for the token request. | `tlsConfig` | `object` -| TLS configuration to use when connecting to the OAuth2 server. +| tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. It requires Prometheus >= v2.43.0. | `tokenUrl` | `string` -| `tokenURL` configures the URL to fetch the token from. +| tokenUrl defines the URL to fetch the token from. |=== === .spec.receivers[].telegramConfigs[].httpConfig.oauth2.clientId Description:: + -- -`clientId` specifies a key of a Secret or ConfigMap containing the +clientId defines a key of a Secret or ConfigMap containing the OAuth2 client's ID. -- 
@@ -14024,18 +14214,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].telegramConfigs[].httpConfig.oauth2.clientId.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -14071,7 +14261,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -14107,7 +14297,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`clientSecret` specifies a key of a Secret containing the OAuth2 +clientSecret defines a key of a Secret containing the OAuth2 client's secret. -- @@ -14144,7 +14334,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -ProxyConnectHeader optionally specifies headers to send to +proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -14209,7 +14399,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -TLS configuration to use when connecting to the OAuth2 server. +tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. It requires Prometheus >= v2.43.0. -- 
@@ -14225,42 +14415,42 @@ Type:: | `ca` | `object` -| Certificate authority used when verifying server certificates. +| ca defines the Certificate authority used when verifying server certificates. | `cert` | `object` -| Client certificate to present when doing client-authentication. +| cert defines the Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` -| Disable target certificate validation. +| insecureSkipVerify defines how to disable target certificate validation. | `keySecret` | `object` -| Secret containing the client key file for the targets. +| keySecret defines the Secret containing the client key file for the targets. | `maxVersion` | `string` -| Maximum acceptable TLS version. +| maxVersion defines the maximum acceptable TLS version. It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. | `minVersion` | `string` -| Minimum acceptable TLS version. +| minVersion defines the minimum acceptable TLS version. It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. | `serverName` | `string` -| Used to verify the hostname for the targets. +| serverName is used to verify the hostname for the targets. |=== === .spec.receivers[].telegramConfigs[].httpConfig.oauth2.tlsConfig.ca Description:: + -- -Certificate authority used when verifying server certificates. +ca defines the Certificate authority used when verifying server certificates. -- Type:: @@ -14275,18 +14465,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].telegramConfigs[].httpConfig.oauth2.tlsConfig.ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: 
@@ -14322,7 +14512,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -14358,7 +14548,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Client certificate to present when doing client-authentication. +cert defines the Client certificate to present when doing client-authentication. -- Type:: @@ -14373,18 +14563,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].telegramConfigs[].httpConfig.oauth2.tlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -14420,7 +14610,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -14456,7 +14646,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the client key file for the targets. +keySecret defines the Secret containing the client key file for the targets. -- Type:: @@ -14492,7 +14682,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -ProxyConnectHeader optionally specifies headers to send to +proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. 
@@ -14557,7 +14747,8 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -TLS configuration for the client. +tlsConfig defines the TLS configuration for the client. +This includes settings for certificates, CA validation, and TLS protocol options. -- Type:: @@ -14572,42 +14763,42 @@ Type:: | `ca` | `object` -| Certificate authority used when verifying server certificates. +| ca defines the Certificate authority used when verifying server certificates. | `cert` | `object` -| Client certificate to present when doing client-authentication. +| cert defines the Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` -| Disable target certificate validation. +| insecureSkipVerify defines how to disable target certificate validation. | `keySecret` | `object` -| Secret containing the client key file for the targets. +| keySecret defines the Secret containing the client key file for the targets. | `maxVersion` | `string` -| Maximum acceptable TLS version. +| maxVersion defines the maximum acceptable TLS version. It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. | `minVersion` | `string` -| Minimum acceptable TLS version. +| minVersion defines the minimum acceptable TLS version. It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. | `serverName` | `string` -| Used to verify the hostname for the targets. +| serverName is used to verify the hostname for the targets. |=== === .spec.receivers[].telegramConfigs[].httpConfig.tlsConfig.ca Description:: + -- -Certificate authority used when verifying server certificates. +ca defines the Certificate authority used when verifying server certificates. -- Type:: 
@@ -14622,18 +14813,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].telegramConfigs[].httpConfig.tlsConfig.ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -14669,7 +14860,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -14705,7 +14896,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Client certificate to present when doing client-authentication. +cert defines the Client certificate to present when doing client-authentication. -- Type:: @@ -14720,18 +14911,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].telegramConfigs[].httpConfig.tlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -14767,7 +14958,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: 
@@ -14803,7 +14994,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the client key file for the targets. +keySecret defines the Secret containing the client key file for the targets. -- Type:: @@ -14839,7 +15030,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -List of VictorOps configurations. +victoropsConfigs defines the list of VictorOps configurations. -- Type:: @@ -14868,17 +15059,19 @@ Type:: | `apiKey` | `object` -| The secret's key that contains the API key to use when talking to the VictorOps API. +| apiKey defines the secret's key that contains the API key to use when talking to the VictorOps API. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. | `apiUrl` | `string` -| The VictorOps API URL. +| apiUrl defines the VictorOps API URL. +When not specified, defaults to the standard VictorOps API endpoint. | `customFields` | `array` -| Additional custom fields for notification. +| customFields defines additional custom fields for notification. +These provide extra metadata that will be included with the VictorOps incident. | `customFields[]` | `object` 
@@ -14886,38 +15079,43 @@ object and accessible by the Prometheus Operator. | `entityDisplayName` | `string` -| Contains summary of the alerted problem. +| entityDisplayName contains a summary of the alerted problem. +This appears as the main title or identifier for the incident. | `httpConfig` | `object` -| The HTTP client's configuration. +| httpConfig defines the HTTP client's configuration for VictorOps API requests. | `messageType` | `string` -| Describes the behavior of the alert (CRITICAL, WARNING, INFO). +| messageType describes the behavior of the alert. +Valid values are "CRITICAL", "WARNING", and "INFO". | `monitoringTool` | `string` -| The monitoring tool the state message is from. +| monitoringTool defines the monitoring tool the state message is from. +This helps identify the source system that generated the alert. | `routingKey` | `string` -| A key used to map the alert to a team. +| routingKey defines a key used to map the alert to a team. +This determines which VictorOps team will receive the alert notification. | `sendResolved` | `boolean` -| Whether or not to notify about resolved alerts. +| sendResolved defines whether or not to notify about resolved alerts. | `stateMessage` | `string` -| Contains long explanation of the alerted problem. +| stateMessage contains a long explanation of the alerted problem. +This provides detailed context about the incident. |=== === .spec.receivers[].victoropsConfigs[].apiKey Description:: + -- -The secret's key that contains the API key to use when talking to the VictorOps API. +apiKey defines the secret's key that contains the API key to use when talking to the VictorOps API. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. -- 
@@ -14937,18 +15135,19 @@ Required:: | `key` | `string` -| The key of the secret to select from. Must be a valid secret key. +| key defines the key of the secret to select from. Must be a valid secret key. | `name` | `string` -| The name of the secret in the object's namespace to select from. +| name defines the name of the secret in the object's namespace to select from. |=== === .spec.receivers[].victoropsConfigs[].customFields Description:: + -- -Additional custom fields for notification. +customFields defines additional custom fields for notification. +These provide extra metadata that will be included with the VictorOps incident. -- Type:: @@ -14979,18 +15178,20 @@ Required:: | `key` | `string` -| Key of the tuple. +| key defines the key of the tuple. +This is the identifier or name part of the key-value pair. | `value` | `string` -| Value of the tuple. +| value defines the value of the tuple. +This is the data or content associated with the key. |=== === .spec.receivers[].victoropsConfigs[].httpConfig Description:: + -- -The HTTP client's configuration. +httpConfig defines the HTTP client's configuration for VictorOps API requests. -- Type:: 
@@ -15005,28 +15206,33 @@ Type:: | `authorization` | `object` -| Authorization header configuration for the client. +| authorization defines the authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. | `basicAuth` | `object` -| BasicAuth for the client. +| basicAuth defines the basic authentication credentials for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. | `bearerTokenSecret` | `object` -| The secret's key that contains the bearer token to be used by the client +| bearerTokenSecret defines the secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +| `enableHttp2` +| `boolean` +| enableHttp2 can be used to disable HTTP2. + | `followRedirects` | `boolean` -| FollowRedirects specifies whether the client should follow HTTP 3xx redirects. +| followRedirects defines whether HTTP requests follow HTTP 3xx redirects. +When true, the client will automatically follow redirect responses. | `noProxy` | `string` -| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names +| noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. 
@@ -15034,11 +15240,12 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `oauth2` | `object` -| OAuth2 client credentials used to fetch a token for the targets. +| oauth2 defines the OAuth2 client credentials used to fetch a token for the targets. +This enables OAuth2 authentication flow for HTTP requests. | `proxyConnectHeader` | `object` -| ProxyConnectHeader optionally specifies headers to send to +| proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -15053,30 +15260,30 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyFromEnvironment` | `boolean` -| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). +| proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyURL` | `string` -| Optional proxy URL. - +| proxyURL defines an optional proxy URL for HTTP requests. If defined, this field takes precedence over `proxyUrl`. | `proxyUrl` | `string` -| `proxyURL` defines the HTTP proxy server to use. +| proxyUrl defines the HTTP proxy server to use. | `tlsConfig` | `object` -| TLS configuration for the client. +| tlsConfig defines the TLS configuration for the client. +This includes settings for certificates, CA validation, and TLS protocol options. |=== === .spec.receivers[].victoropsConfigs[].httpConfig.authorization Description:: + -- -Authorization header configuration for the client. +authorization defines the authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. -- 
@@ -15092,11 +15299,11 @@ Type:: | `credentials` | `object` -| Selects a key of a Secret in the namespace that contains the credentials for authentication. +| credentials defines a key of a Secret in the namespace that contains the credentials for authentication. | `type` | `string` -| Defines the authentication type. The value is case-insensitive. +| type defines the authentication type. The value is case-insensitive. "Basic" is not a supported value. @@ -15107,7 +15314,7 @@ Default: "Bearer" Description:: + -- -Selects a key of a Secret in the namespace that contains the credentials for authentication. +credentials defines a key of a Secret in the namespace that contains the credentials for authentication. -- Type:: @@ -15143,7 +15350,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -BasicAuth for the client. +basicAuth defines the basic authentication credentials for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. -- @@ -15159,12 +15366,12 @@ Type:: | `password` | `object` -| `password` specifies a key of a Secret containing the password for +| password defines a key of a Secret containing the password for authentication. | `username` | `object` -| `username` specifies a key of a Secret containing the username for +| username defines a key of a Secret containing the username for authentication. |=== @@ -15172,7 +15379,7 @@ authentication. Description:: + -- -`password` specifies a key of a Secret containing the password for +password defines a key of a Secret containing the password for authentication. -- @@ -15209,7 +15416,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`username` specifies a key of a Secret containing the username for +username defines a key of a Secret containing the username for authentication. -- 
@@ -15246,7 +15453,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -The secret's key that contains the bearer token to be used by the client +bearerTokenSecret defines the secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. @@ -15267,18 +15474,19 @@ Required:: | `key` | `string` -| The key of the secret to select from. Must be a valid secret key. +| key defines the key of the secret to select from. Must be a valid secret key. | `name` | `string` -| The name of the secret in the object's namespace to select from. +| name defines the name of the secret in the object's namespace to select from. |=== === .spec.receivers[].victoropsConfigs[].httpConfig.oauth2 Description:: + -- -OAuth2 client credentials used to fetch a token for the targets. +oauth2 defines the OAuth2 client credentials used to fetch a token for the targets. +This enables OAuth2 authentication flow for HTTP requests. -- Type:: @@ -15297,22 +15505,22 @@ Required:: | `clientId` | `object` -| `clientId` specifies a key of a Secret or ConfigMap containing the +| clientId defines a key of a Secret or ConfigMap containing the OAuth2 client's ID. | `clientSecret` | `object` -| `clientSecret` specifies a key of a Secret containing the OAuth2 +| clientSecret defines a key of a Secret containing the OAuth2 client's secret. | `endpointParams` | `object (string)` -| `endpointParams` configures the HTTP parameters to append to the token +| endpointParams configures the HTTP parameters to append to the token URL. | `noProxy` | `string` -| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names +| noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. 
@@ -15320,7 +15528,7 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyConnectHeader` | `object` -| ProxyConnectHeader optionally specifies headers to send to +| proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -15335,33 +15543,33 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyFromEnvironment` | `boolean` -| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). +| proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyUrl` | `string` -| `proxyURL` defines the HTTP proxy server to use. +| proxyUrl defines the HTTP proxy server to use. | `scopes` | `array (string)` -| `scopes` defines the OAuth2 scopes used for the token request. +| scopes defines the OAuth2 scopes used for the token request. | `tlsConfig` | `object` -| TLS configuration to use when connecting to the OAuth2 server. +| tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. It requires Prometheus >= v2.43.0. | `tokenUrl` | `string` -| `tokenURL` configures the URL to fetch the token from. +| tokenUrl defines the URL to fetch the token from. |=== === .spec.receivers[].victoropsConfigs[].httpConfig.oauth2.clientId Description:: + -- -`clientId` specifies a key of a Secret or ConfigMap containing the +clientId defines a key of a Secret or ConfigMap containing the OAuth2 client's ID. -- 
@@ -15377,18 +15585,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].victoropsConfigs[].httpConfig.oauth2.clientId.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -15424,7 +15632,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -15460,7 +15668,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`clientSecret` specifies a key of a Secret containing the OAuth2 +clientSecret defines a key of a Secret containing the OAuth2 client's secret. -- @@ -15497,7 +15705,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -ProxyConnectHeader optionally specifies headers to send to +proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -15562,7 +15770,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -TLS configuration to use when connecting to the OAuth2 server. +tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. It requires Prometheus >= v2.43.0. -- 
@@ -15578,42 +15786,42 @@ Type:: | `ca` | `object` -| Certificate authority used when verifying server certificates. +| ca defines the Certificate authority used when verifying server certificates. | `cert` | `object` -| Client certificate to present when doing client-authentication. +| cert defines the Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` -| Disable target certificate validation. +| insecureSkipVerify defines how to disable target certificate validation. | `keySecret` | `object` -| Secret containing the client key file for the targets. +| keySecret defines the Secret containing the client key file for the targets. | `maxVersion` | `string` -| Maximum acceptable TLS version. +| maxVersion defines the maximum acceptable TLS version. It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. | `minVersion` | `string` -| Minimum acceptable TLS version. +| minVersion defines the minimum acceptable TLS version. It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. | `serverName` | `string` -| Used to verify the hostname for the targets. +| serverName is used to verify the hostname for the targets. |=== === .spec.receivers[].victoropsConfigs[].httpConfig.oauth2.tlsConfig.ca Description:: + -- -Certificate authority used when verifying server certificates. +ca defines the Certificate authority used when verifying server certificates. -- Type:: @@ -15628,18 +15836,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].victoropsConfigs[].httpConfig.oauth2.tlsConfig.ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: 
@@ -15675,7 +15883,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -15711,7 +15919,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Client certificate to present when doing client-authentication. +cert defines the Client certificate to present when doing client-authentication. -- Type:: @@ -15726,18 +15934,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].victoropsConfigs[].httpConfig.oauth2.tlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -15773,7 +15981,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -15809,7 +16017,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the client key file for the targets. +keySecret defines the Secret containing the client key file for the targets. -- Type:: @@ -15845,7 +16053,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -ProxyConnectHeader optionally specifies headers to send to +proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. 
@@ -15910,7 +16118,8 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -TLS configuration for the client. +tlsConfig defines the TLS configuration for the client. +This includes settings for certificates, CA validation, and TLS protocol options. -- Type:: @@ -15925,42 +16134,42 @@ Type:: | `ca` | `object` -| Certificate authority used when verifying server certificates. +| ca defines the Certificate authority used when verifying server certificates. | `cert` | `object` -| Client certificate to present when doing client-authentication. +| cert defines the Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` -| Disable target certificate validation. +| insecureSkipVerify defines how to disable target certificate validation. | `keySecret` | `object` -| Secret containing the client key file for the targets. +| keySecret defines the Secret containing the client key file for the targets. | `maxVersion` | `string` -| Maximum acceptable TLS version. +| maxVersion defines the maximum acceptable TLS version. It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. | `minVersion` | `string` -| Minimum acceptable TLS version. +| minVersion defines the minimum acceptable TLS version. It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. | `serverName` | `string` -| Used to verify the hostname for the targets. +| serverName is used to verify the hostname for the targets. |=== === .spec.receivers[].victoropsConfigs[].httpConfig.tlsConfig.ca Description:: + -- -Certificate authority used when verifying server certificates. +ca defines the Certificate authority used when verifying server certificates. -- Type:: 
@@ -15975,18 +16184,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].victoropsConfigs[].httpConfig.tlsConfig.ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -16022,7 +16231,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -16058,7 +16267,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Client certificate to present when doing client-authentication. +cert defines the Client certificate to present when doing client-authentication. -- Type:: @@ -16073,18 +16282,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].victoropsConfigs[].httpConfig.tlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -16120,7 +16329,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: 
@@ -16156,7 +16365,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the client key file for the targets. +keySecret defines the Secret containing the client key file for the targets. -- Type:: @@ -16192,7 +16401,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -List of Webex configurations. +webexConfigs defines the list of Webex configurations. -- Type:: @@ -16223,31 +16432,31 @@ Required:: | `apiURL` | `string` -| The Webex Teams API URL i.e. https://webexapis.com/v1/messages +| apiURL defines the Webex Teams API URL i.e. https://webexapis.com/v1/messages | `httpConfig` | `object` -| The HTTP client's configuration. +| httpConfig defines the HTTP client's configuration. You must use this configuration to supply the bot token as part of the HTTP `Authorization` header. | `message` | `string` -| Message template +| message defines the message template | `roomID` | `string` -| ID of the Webex Teams room where to send the messages. +| roomID defines the ID of the Webex Teams room where to send the messages. | `sendResolved` | `boolean` -| Whether to notify about resolved alerts. +| sendResolved defines whether or not to notify about resolved alerts. |=== === .spec.receivers[].webexConfigs[].httpConfig Description:: + -- -The HTTP client's configuration. +httpConfig defines the HTTP client's configuration. You must use this configuration to supply the bot token as part of the HTTP `Authorization` header. -- 
@@ -16263,28 +16472,33 @@ Type:: | `authorization` | `object` -| Authorization header configuration for the client. +| authorization defines the authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. | `basicAuth` | `object` -| BasicAuth for the client. +| basicAuth defines the basic authentication credentials for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. | `bearerTokenSecret` | `object` -| The secret's key that contains the bearer token to be used by the client +| bearerTokenSecret defines the secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +| `enableHttp2` +| `boolean` +| enableHttp2 can be used to disable HTTP2. + | `followRedirects` | `boolean` -| FollowRedirects specifies whether the client should follow HTTP 3xx redirects. +| followRedirects defines whether HTTP requests follow HTTP 3xx redirects. +When true, the client will automatically follow redirect responses. | `noProxy` | `string` -| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names +| noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. 
@@ -16292,11 +16506,12 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `oauth2` | `object` -| OAuth2 client credentials used to fetch a token for the targets. +| oauth2 defines the OAuth2 client credentials used to fetch a token for the targets. +This enables OAuth2 authentication flow for HTTP requests. | `proxyConnectHeader` | `object` -| ProxyConnectHeader optionally specifies headers to send to +| proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -16311,30 +16526,30 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyFromEnvironment` | `boolean` -| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). +| proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyURL` | `string` -| Optional proxy URL. - +| proxyURL defines an optional proxy URL for HTTP requests. If defined, this field takes precedence over `proxyUrl`. | `proxyUrl` | `string` -| `proxyURL` defines the HTTP proxy server to use. +| proxyUrl defines the HTTP proxy server to use. | `tlsConfig` | `object` -| TLS configuration for the client. +| tlsConfig defines the TLS configuration for the client. +This includes settings for certificates, CA validation, and TLS protocol options. |=== === .spec.receivers[].webexConfigs[].httpConfig.authorization Description:: + -- -Authorization header configuration for the client. +authorization defines the authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. -- 
@@ -16350,11 +16565,11 @@ Type:: | `credentials` | `object` -| Selects a key of a Secret in the namespace that contains the credentials for authentication. +| credentials defines a key of a Secret in the namespace that contains the credentials for authentication. | `type` | `string` -| Defines the authentication type. The value is case-insensitive. +| type defines the authentication type. The value is case-insensitive. "Basic" is not a supported value. @@ -16365,7 +16580,7 @@ Default: "Bearer" Description:: + -- -Selects a key of a Secret in the namespace that contains the credentials for authentication. +credentials defines a key of a Secret in the namespace that contains the credentials for authentication. -- Type:: @@ -16401,7 +16616,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -BasicAuth for the client. +basicAuth defines the basic authentication credentials for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. -- @@ -16417,12 +16632,12 @@ Type:: | `password` | `object` -| `password` specifies a key of a Secret containing the password for +| password defines a key of a Secret containing the password for authentication. | `username` | `object` -| `username` specifies a key of a Secret containing the username for +| username defines a key of a Secret containing the username for authentication. |=== @@ -16430,7 +16645,7 @@ authentication. Description:: + -- -`password` specifies a key of a Secret containing the password for +password defines a key of a Secret containing the password for authentication. -- @@ -16467,7 +16682,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`username` specifies a key of a Secret containing the username for +username defines a key of a Secret containing the username for authentication. -- 
@@ -16504,7 +16719,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -The secret's key that contains the bearer token to be used by the client +bearerTokenSecret defines the secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. @@ -16525,18 +16740,19 @@ Required:: | `key` | `string` -| The key of the secret to select from. Must be a valid secret key. +| key defines the key of the secret to select from. Must be a valid secret key. | `name` | `string` -| The name of the secret in the object's namespace to select from. +| name defines the name of the secret in the object's namespace to select from. |=== === .spec.receivers[].webexConfigs[].httpConfig.oauth2 Description:: + -- -OAuth2 client credentials used to fetch a token for the targets. +oauth2 defines the OAuth2 client credentials used to fetch a token for the targets. +This enables OAuth2 authentication flow for HTTP requests. -- Type:: @@ -16555,22 +16771,22 @@ Required:: | `clientId` | `object` -| `clientId` specifies a key of a Secret or ConfigMap containing the +| clientId defines a key of a Secret or ConfigMap containing the OAuth2 client's ID. | `clientSecret` | `object` -| `clientSecret` specifies a key of a Secret containing the OAuth2 +| clientSecret defines a key of a Secret containing the OAuth2 client's secret. | `endpointParams` | `object (string)` -| `endpointParams` configures the HTTP parameters to append to the token +| endpointParams configures the HTTP parameters to append to the token URL. | `noProxy` | `string` -| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names +| noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. 
@@ -16578,7 +16794,7 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyConnectHeader` | `object` -| ProxyConnectHeader optionally specifies headers to send to +| proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -16593,33 +16809,33 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyFromEnvironment` | `boolean` -| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). +| proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyUrl` | `string` -| `proxyURL` defines the HTTP proxy server to use. +| proxyUrl defines the HTTP proxy server to use. | `scopes` | `array (string)` -| `scopes` defines the OAuth2 scopes used for the token request. +| scopes defines the OAuth2 scopes used for the token request. | `tlsConfig` | `object` -| TLS configuration to use when connecting to the OAuth2 server. +| tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. It requires Prometheus >= v2.43.0. | `tokenUrl` | `string` -| `tokenURL` configures the URL to fetch the token from. +| tokenUrl defines the URL to fetch the token from. |=== === .spec.receivers[].webexConfigs[].httpConfig.oauth2.clientId Description:: + -- -`clientId` specifies a key of a Secret or ConfigMap containing the +clientId defines a key of a Secret or ConfigMap containing the OAuth2 client's ID. -- 
@@ -16635,18 +16851,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].webexConfigs[].httpConfig.oauth2.clientId.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -16682,7 +16898,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -16718,7 +16934,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`clientSecret` specifies a key of a Secret containing the OAuth2 +clientSecret defines a key of a Secret containing the OAuth2 client's secret. -- @@ -16755,7 +16971,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -ProxyConnectHeader optionally specifies headers to send to +proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -16820,7 +17036,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -TLS configuration to use when connecting to the OAuth2 server. +tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. It requires Prometheus >= v2.43.0. -- 
@@ -16836,42 +17052,42 @@ Type:: | `ca` | `object` -| Certificate authority used when verifying server certificates. +| ca defines the Certificate authority used when verifying server certificates. | `cert` | `object` -| Client certificate to present when doing client-authentication. +| cert defines the Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` -| Disable target certificate validation. +| insecureSkipVerify defines how to disable target certificate validation. | `keySecret` | `object` -| Secret containing the client key file for the targets. +| keySecret defines the Secret containing the client key file for the targets. | `maxVersion` | `string` -| Maximum acceptable TLS version. +| maxVersion defines the maximum acceptable TLS version. It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. | `minVersion` | `string` -| Minimum acceptable TLS version. +| minVersion defines the minimum acceptable TLS version. It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. | `serverName` | `string` -| Used to verify the hostname for the targets. +| serverName is used to verify the hostname for the targets. |=== === .spec.receivers[].webexConfigs[].httpConfig.oauth2.tlsConfig.ca Description:: + -- -Certificate authority used when verifying server certificates. +ca defines the Certificate authority used when verifying server certificates. -- Type:: @@ -16886,18 +17102,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].webexConfigs[].httpConfig.oauth2.tlsConfig.ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: 
@@ -16933,7 +17149,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -16969,7 +17185,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Client certificate to present when doing client-authentication. +cert defines the Client certificate to present when doing client-authentication. -- Type:: @@ -16984,18 +17200,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].webexConfigs[].httpConfig.oauth2.tlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -17031,7 +17247,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -17067,7 +17283,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the client key file for the targets. +keySecret defines the Secret containing the client key file for the targets. -- Type:: @@ -17103,7 +17319,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -ProxyConnectHeader optionally specifies headers to send to +proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. 
@@ -17168,7 +17384,8 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -TLS configuration for the client. +tlsConfig defines the TLS configuration for the client. +This includes settings for certificates, CA validation, and TLS protocol options. -- Type:: @@ -17183,42 +17400,42 @@ Type:: | `ca` | `object` -| Certificate authority used when verifying server certificates. +| ca defines the Certificate authority used when verifying server certificates. | `cert` | `object` -| Client certificate to present when doing client-authentication. +| cert defines the Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` -| Disable target certificate validation. +| insecureSkipVerify defines how to disable target certificate validation. | `keySecret` | `object` -| Secret containing the client key file for the targets. +| keySecret defines the Secret containing the client key file for the targets. | `maxVersion` | `string` -| Maximum acceptable TLS version. +| maxVersion defines the maximum acceptable TLS version. It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. | `minVersion` | `string` -| Minimum acceptable TLS version. +| minVersion defines the minimum acceptable TLS version. It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. | `serverName` | `string` -| Used to verify the hostname for the targets. +| serverName is used to verify the hostname for the targets. |=== === .spec.receivers[].webexConfigs[].httpConfig.tlsConfig.ca Description:: + -- -Certificate authority used when verifying server certificates. +ca defines the Certificate authority used when verifying server certificates. -- Type:: 
@@ -17233,18 +17450,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].webexConfigs[].httpConfig.tlsConfig.ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -17280,7 +17497,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -17316,7 +17533,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Client certificate to present when doing client-authentication. +cert defines the Client certificate to present when doing client-authentication. -- Type:: @@ -17331,18 +17548,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].webexConfigs[].httpConfig.tlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -17378,7 +17595,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: 
@@ -17414,7 +17631,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the client key file for the targets. +keySecret defines the Secret containing the client key file for the targets. -- Type:: @@ -17450,7 +17667,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -List of webhook configurations. +webhookConfigs defines the List of webhook configurations. -- Type:: 
@@ -17479,32 +17696,32 @@ Type:: | `httpConfig` | `object` -| HTTP client configuration. +| httpConfig defines the HTTP client configuration for webhook requests. | `maxAlerts` | `integer` -| Maximum number of alerts to be sent per webhook message. When 0, all alerts are included. +| maxAlerts defines the maximum number of alerts to be sent per webhook message. +When 0, all alerts are included in the webhook payload. | `sendResolved` | `boolean` -| Whether or not to notify about resolved alerts. +| sendResolved defines whether or not to notify about resolved alerts. | `timeout` | `string` -| The maximum time to wait for a webhook request to complete, before failing the -request and allowing it to be retried. +| timeout defines the maximum time to wait for a webhook request to complete, +before failing the request and allowing it to be retried. It requires Alertmanager >= v0.28.0. | `url` | `string` -| The URL to send HTTP POST requests to. `urlSecret` takes precedence over -`url`. One of `urlSecret` and `url` should be defined. +| url defines the URL to send HTTP POST requests to. +urlSecret takes precedence over url. One of urlSecret and url should be defined. | `urlSecret` | `object` -| The secret's key that contains the webhook URL to send HTTP requests to. -`urlSecret` takes precedence over `url`. One of `urlSecret` and `url` -should be defined. +| urlSecret defines the secret's key that contains the webhook URL to send HTTP requests to. +urlSecret takes precedence over url. One of urlSecret and url should be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. @@ -17513,7 +17730,7 @@ object and accessible by the Prometheus Operator. Description:: + -- -HTTP client configuration. +httpConfig defines the HTTP client configuration for webhook requests. -- Type:: 
@@ -17528,28 +17745,33 @@ Type:: | `authorization` | `object` -| Authorization header configuration for the client. +| authorization defines the authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. | `basicAuth` | `object` -| BasicAuth for the client. +| basicAuth defines the basic authentication credentials for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. | `bearerTokenSecret` | `object` -| The secret's key that contains the bearer token to be used by the client +| bearerTokenSecret defines the secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +| `enableHttp2` +| `boolean` +| enableHttp2 can be used to disable HTTP2. + | `followRedirects` | `boolean` -| FollowRedirects specifies whether the client should follow HTTP 3xx redirects. +| followRedirects defines whether HTTP requests follow HTTP 3xx redirects. +When true, the client will automatically follow redirect responses. | `noProxy` | `string` -| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names +| noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. 
@@ -17557,11 +17779,12 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `oauth2` | `object` -| OAuth2 client credentials used to fetch a token for the targets. +| oauth2 defines the OAuth2 client credentials used to fetch a token for the targets. +This enables OAuth2 authentication flow for HTTP requests. | `proxyConnectHeader` | `object` -| ProxyConnectHeader optionally specifies headers to send to +| proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -17576,30 +17799,30 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyFromEnvironment` | `boolean` -| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). +| proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyURL` | `string` -| Optional proxy URL. - +| proxyURL defines an optional proxy URL for HTTP requests. If defined, this field takes precedence over `proxyUrl`. | `proxyUrl` | `string` -| `proxyURL` defines the HTTP proxy server to use. +| proxyUrl defines the HTTP proxy server to use. | `tlsConfig` | `object` -| TLS configuration for the client. +| tlsConfig defines the TLS configuration for the client. +This includes settings for certificates, CA validation, and TLS protocol options. |=== === .spec.receivers[].webhookConfigs[].httpConfig.authorization Description:: + -- -Authorization header configuration for the client. +authorization defines the authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. -- 
@@ -17615,11 +17838,11 @@ Type:: | `credentials` | `object` -| Selects a key of a Secret in the namespace that contains the credentials for authentication. +| credentials defines a key of a Secret in the namespace that contains the credentials for authentication. | `type` | `string` -| Defines the authentication type. The value is case-insensitive. +| type defines the authentication type. The value is case-insensitive. "Basic" is not a supported value. @@ -17630,7 +17853,7 @@ Default: "Bearer" Description:: + -- -Selects a key of a Secret in the namespace that contains the credentials for authentication. +credentials defines a key of a Secret in the namespace that contains the credentials for authentication. -- Type:: @@ -17666,7 +17889,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -BasicAuth for the client. +basicAuth defines the basic authentication credentials for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. -- @@ -17682,12 +17905,12 @@ Type:: | `password` | `object` -| `password` specifies a key of a Secret containing the password for +| password defines a key of a Secret containing the password for authentication. | `username` | `object` -| `username` specifies a key of a Secret containing the username for +| username defines a key of a Secret containing the username for authentication. |=== @@ -17695,7 +17918,7 @@ authentication. Description:: + -- -`password` specifies a key of a Secret containing the password for +password defines a key of a Secret containing the password for authentication. -- @@ -17732,7 +17955,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`username` specifies a key of a Secret containing the username for +username defines a key of a Secret containing the username for authentication. -- 
@@ -17769,7 +17992,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -The secret's key that contains the bearer token to be used by the client +bearerTokenSecret defines the secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. @@ -17790,18 +18013,19 @@ Required:: | `key` | `string` -| The key of the secret to select from. Must be a valid secret key. +| key defines the key of the secret to select from. Must be a valid secret key. | `name` | `string` -| The name of the secret in the object's namespace to select from. +| name defines the name of the secret in the object's namespace to select from. |=== === .spec.receivers[].webhookConfigs[].httpConfig.oauth2 Description:: + -- -OAuth2 client credentials used to fetch a token for the targets. +oauth2 defines the OAuth2 client credentials used to fetch a token for the targets. +This enables OAuth2 authentication flow for HTTP requests. -- Type:: @@ -17820,22 +18044,22 @@ Required:: | `clientId` | `object` -| `clientId` specifies a key of a Secret or ConfigMap containing the +| clientId defines a key of a Secret or ConfigMap containing the OAuth2 client's ID. | `clientSecret` | `object` -| `clientSecret` specifies a key of a Secret containing the OAuth2 +| clientSecret defines a key of a Secret containing the OAuth2 client's secret. | `endpointParams` | `object (string)` -| `endpointParams` configures the HTTP parameters to append to the token +| endpointParams configures the HTTP parameters to append to the token URL. | `noProxy` | `string` -| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names +| noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. 
@@ -17843,7 +18067,7 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyConnectHeader` | `object` -| ProxyConnectHeader optionally specifies headers to send to +| proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -17858,33 +18082,33 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyFromEnvironment` | `boolean` -| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). +| proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyUrl` | `string` -| `proxyURL` defines the HTTP proxy server to use. +| proxyUrl defines the HTTP proxy server to use. | `scopes` | `array (string)` -| `scopes` defines the OAuth2 scopes used for the token request. +| scopes defines the OAuth2 scopes used for the token request. | `tlsConfig` | `object` -| TLS configuration to use when connecting to the OAuth2 server. +| tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. It requires Prometheus >= v2.43.0. | `tokenUrl` | `string` -| `tokenURL` configures the URL to fetch the token from. +| tokenUrl defines the URL to fetch the token from. |=== === .spec.receivers[].webhookConfigs[].httpConfig.oauth2.clientId Description:: + -- -`clientId` specifies a key of a Secret or ConfigMap containing the +clientId defines a key of a Secret or ConfigMap containing the OAuth2 client's ID. -- 
@@ -17900,18 +18124,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].webhookConfigs[].httpConfig.oauth2.clientId.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -17947,7 +18171,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -17983,7 +18207,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`clientSecret` specifies a key of a Secret containing the OAuth2 +clientSecret defines a key of a Secret containing the OAuth2 client's secret. -- @@ -18020,7 +18244,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -ProxyConnectHeader optionally specifies headers to send to +proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -18085,7 +18309,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -TLS configuration to use when connecting to the OAuth2 server. +tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. It requires Prometheus >= v2.43.0. -- 
@@ -18101,42 +18325,42 @@ Type:: | `ca` | `object` -| Certificate authority used when verifying server certificates. +| ca defines the Certificate authority used when verifying server certificates. | `cert` | `object` -| Client certificate to present when doing client-authentication. +| cert defines the Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` -| Disable target certificate validation. +| insecureSkipVerify defines how to disable target certificate validation. | `keySecret` | `object` -| Secret containing the client key file for the targets. +| keySecret defines the Secret containing the client key file for the targets. | `maxVersion` | `string` -| Maximum acceptable TLS version. +| maxVersion defines the maximum acceptable TLS version. It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. | `minVersion` | `string` -| Minimum acceptable TLS version. +| minVersion defines the minimum acceptable TLS version. It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. | `serverName` | `string` -| Used to verify the hostname for the targets. +| serverName is used to verify the hostname for the targets. |=== === .spec.receivers[].webhookConfigs[].httpConfig.oauth2.tlsConfig.ca Description:: + -- -Certificate authority used when verifying server certificates. +ca defines the Certificate authority used when verifying server certificates. -- Type:: @@ -18151,18 +18375,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].webhookConfigs[].httpConfig.oauth2.tlsConfig.ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: 
@@ -18198,7 +18422,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -18234,7 +18458,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Client certificate to present when doing client-authentication. +cert defines the Client certificate to present when doing client-authentication. -- Type:: @@ -18249,18 +18473,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].webhookConfigs[].httpConfig.oauth2.tlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -18296,7 +18520,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -18332,7 +18556,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the client key file for the targets. +keySecret defines the Secret containing the client key file for the targets. -- Type:: @@ -18368,7 +18592,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -ProxyConnectHeader optionally specifies headers to send to +proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. 
@@ -18433,7 +18657,8 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -TLS configuration for the client. +tlsConfig defines the TLS configuration for the client. +This includes settings for certificates, CA validation, and TLS protocol options. -- Type:: @@ -18448,42 +18673,42 @@ Type:: | `ca` | `object` -| Certificate authority used when verifying server certificates. +| ca defines the Certificate authority used when verifying server certificates. | `cert` | `object` -| Client certificate to present when doing client-authentication. +| cert defines the Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` -| Disable target certificate validation. +| insecureSkipVerify defines how to disable target certificate validation. | `keySecret` | `object` -| Secret containing the client key file for the targets. +| keySecret defines the Secret containing the client key file for the targets. | `maxVersion` | `string` -| Maximum acceptable TLS version. +| maxVersion defines the maximum acceptable TLS version. It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. | `minVersion` | `string` -| Minimum acceptable TLS version. +| minVersion defines the minimum acceptable TLS version. It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. | `serverName` | `string` -| Used to verify the hostname for the targets. +| serverName is used to verify the hostname for the targets. |=== === .spec.receivers[].webhookConfigs[].httpConfig.tlsConfig.ca Description:: + -- -Certificate authority used when verifying server certificates. +ca defines the Certificate authority used when verifying server certificates. -- Type:: 
@@ -18498,18 +18723,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].webhookConfigs[].httpConfig.tlsConfig.ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -18545,7 +18770,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -18581,7 +18806,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Client certificate to present when doing client-authentication. +cert defines the Client certificate to present when doing client-authentication. -- Type:: @@ -18596,18 +18821,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].webhookConfigs[].httpConfig.tlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -18643,7 +18868,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: 
@@ -18679,7 +18904,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the client key file for the targets. +keySecret defines the Secret containing the client key file for the targets. -- Type:: @@ -18715,9 +18940,8 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -The secret's key that contains the webhook URL to send HTTP requests to. -`urlSecret` takes precedence over `url`. One of `urlSecret` and `url` -should be defined. +urlSecret defines the secret's key that contains the webhook URL to send HTTP requests to. +urlSecret takes precedence over url. One of urlSecret and url should be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. -- @@ -18737,18 +18961,18 @@ Required:: | `key` | `string` -| The key of the secret to select from. Must be a valid secret key. +| key defines the key of the secret to select from. Must be a valid secret key. | `name` | `string` -| The name of the secret in the object's namespace to select from. +| name defines the name of the secret in the object's namespace to select from. |=== === .spec.receivers[].wechatConfigs Description:: + -- -List of WeChat configurations. +wechatConfigs defines the list of WeChat configurations. -- Type:: 
@@ -18777,56 +19001,64 @@ Type:: | `agentID` | `string` -| +| agentID defines the application agent ID within WeChat Work. +This identifies which WeChat Work application will send the notifications. | `apiSecret` | `object` -| The secret's key that contains the WeChat API key. +| apiSecret defines the secret's key that contains the WeChat API key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. | `apiURL` | `string` -| The WeChat API URL. +| apiURL defines the WeChat API URL. +When not specified, defaults to the standard WeChat Work API endpoint. | `corpID` | `string` -| The corp id for authentication. +| corpID defines the corp id for authentication. +This is the unique identifier for your WeChat Work organization. | `httpConfig` | `object` -| HTTP client configuration. +| httpConfig defines the HTTP client configuration for WeChat API requests. | `message` | `string` -| API request data as defined by the WeChat API. +| message defines the API request data as defined by the WeChat API. +This contains the actual notification content to be sent. | `messageType` | `string` -| +| messageType defines the type of message to send. +Valid values include "text", "markdown", and other WeChat Work supported message types. | `sendResolved` | `boolean` -| Whether or not to notify about resolved alerts. +| sendResolved defines whether or not to notify about resolved alerts. | `toParty` | `string` -| +| toParty defines the target department(s) to receive the notification. +Can be a single department ID or multiple department IDs separated by '\|'. | `toTag` | `string` -| +| toTag defines the target tag(s) to receive the notification. +Can be a single tag ID or multiple tag IDs separated by '\|'. | `toUser` | `string` -| +| toUser defines the target user(s) to receive the notification. +Can be a single user ID or multiple user IDs separated by '\|'. 
|=== === .spec.receivers[].wechatConfigs[].apiSecret Description:: + -- -The secret's key that contains the WeChat API key. +apiSecret defines the secret's key that contains the WeChat API key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. -- @@ -18846,18 +19078,18 @@ Required:: | `key` | `string` -| The key of the secret to select from. Must be a valid secret key. +| key defines the key of the secret to select from. Must be a valid secret key. | `name` | `string` -| The name of the secret in the object's namespace to select from. +| name defines the name of the secret in the object's namespace to select from. |=== === .spec.receivers[].wechatConfigs[].httpConfig Description:: + -- -HTTP client configuration. +httpConfig defines the HTTP client configuration for WeChat API requests. -- Type:: 
@@ -18872,28 +19104,33 @@ Type:: | `authorization` | `object` -| Authorization header configuration for the client. +| authorization defines the authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. | `basicAuth` | `object` -| BasicAuth for the client. +| basicAuth defines the basic authentication credentials for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. | `bearerTokenSecret` | `object` -| The secret's key that contains the bearer token to be used by the client +| bearerTokenSecret defines the secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +| `enableHttp2` +| `boolean` +| enableHttp2 can be used to disable HTTP2. + | `followRedirects` | `boolean` -| FollowRedirects specifies whether the client should follow HTTP 3xx redirects. +| followRedirects defines whether HTTP requests follow HTTP 3xx redirects. +When true, the client will automatically follow redirect responses. | `noProxy` | `string` -| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names +| noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. 
@@ -18901,11 +19138,12 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `oauth2` | `object` -| OAuth2 client credentials used to fetch a token for the targets. +| oauth2 defines the OAuth2 client credentials used to fetch a token for the targets. +This enables OAuth2 authentication flow for HTTP requests. | `proxyConnectHeader` | `object` -| ProxyConnectHeader optionally specifies headers to send to +| proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -18920,30 +19158,30 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyFromEnvironment` | `boolean` -| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). +| proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyURL` | `string` -| Optional proxy URL. - +| proxyURL defines an optional proxy URL for HTTP requests. If defined, this field takes precedence over `proxyUrl`. | `proxyUrl` | `string` -| `proxyURL` defines the HTTP proxy server to use. +| proxyUrl defines the HTTP proxy server to use. | `tlsConfig` | `object` -| TLS configuration for the client. +| tlsConfig defines the TLS configuration for the client. +This includes settings for certificates, CA validation, and TLS protocol options. |=== === .spec.receivers[].wechatConfigs[].httpConfig.authorization Description:: + -- -Authorization header configuration for the client. +authorization defines the authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. -- 
@@ -18959,11 +19197,11 @@ Type:: | `credentials` | `object` -| Selects a key of a Secret in the namespace that contains the credentials for authentication. +| credentials defines a key of a Secret in the namespace that contains the credentials for authentication. | `type` | `string` -| Defines the authentication type. The value is case-insensitive. +| type defines the authentication type. The value is case-insensitive. "Basic" is not a supported value. @@ -18974,7 +19212,7 @@ Default: "Bearer" Description:: + -- -Selects a key of a Secret in the namespace that contains the credentials for authentication. +credentials defines a key of a Secret in the namespace that contains the credentials for authentication. -- Type:: @@ -19010,7 +19248,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -BasicAuth for the client. +basicAuth defines the basic authentication credentials for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. -- @@ -19026,12 +19264,12 @@ Type:: | `password` | `object` -| `password` specifies a key of a Secret containing the password for +| password defines a key of a Secret containing the password for authentication. | `username` | `object` -| `username` specifies a key of a Secret containing the username for +| username defines a key of a Secret containing the username for authentication. |=== @@ -19039,7 +19277,7 @@ authentication. Description:: + -- -`password` specifies a key of a Secret containing the password for +password defines a key of a Secret containing the password for authentication. -- @@ -19076,7 +19314,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`username` specifies a key of a Secret containing the username for +username defines a key of a Secret containing the username for authentication. -- 
@@ -19113,7 +19351,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -The secret's key that contains the bearer token to be used by the client +bearerTokenSecret defines the secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. @@ -19134,18 +19372,19 @@ Required:: | `key` | `string` -| The key of the secret to select from. Must be a valid secret key. +| key defines the key of the secret to select from. Must be a valid secret key. | `name` | `string` -| The name of the secret in the object's namespace to select from. +| name defines the name of the secret in the object's namespace to select from. |=== === .spec.receivers[].wechatConfigs[].httpConfig.oauth2 Description:: + -- -OAuth2 client credentials used to fetch a token for the targets. +oauth2 defines the OAuth2 client credentials used to fetch a token for the targets. +This enables OAuth2 authentication flow for HTTP requests. -- Type:: @@ -19164,22 +19403,22 @@ Required:: | `clientId` | `object` -| `clientId` specifies a key of a Secret or ConfigMap containing the +| clientId defines a key of a Secret or ConfigMap containing the OAuth2 client's ID. | `clientSecret` | `object` -| `clientSecret` specifies a key of a Secret containing the OAuth2 +| clientSecret defines a key of a Secret containing the OAuth2 client's secret. | `endpointParams` | `object (string)` -| `endpointParams` configures the HTTP parameters to append to the token +| endpointParams configures the HTTP parameters to append to the token URL. | `noProxy` | `string` -| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names +| noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. 
@@ -19187,7 +19426,7 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyConnectHeader` | `object` -| ProxyConnectHeader optionally specifies headers to send to +| proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -19202,33 +19441,33 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyFromEnvironment` | `boolean` -| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). +| proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyUrl` | `string` -| `proxyURL` defines the HTTP proxy server to use. +| proxyUrl defines the HTTP proxy server to use. | `scopes` | `array (string)` -| `scopes` defines the OAuth2 scopes used for the token request. +| scopes defines the OAuth2 scopes used for the token request. | `tlsConfig` | `object` -| TLS configuration to use when connecting to the OAuth2 server. +| tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. It requires Prometheus >= v2.43.0. | `tokenUrl` | `string` -| `tokenURL` configures the URL to fetch the token from. +| tokenUrl defines the URL to fetch the token from. |=== === .spec.receivers[].wechatConfigs[].httpConfig.oauth2.clientId Description:: + -- -`clientId` specifies a key of a Secret or ConfigMap containing the +clientId defines a key of a Secret or ConfigMap containing the OAuth2 client's ID. -- 
@@ -19244,18 +19483,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].wechatConfigs[].httpConfig.oauth2.clientId.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -19291,7 +19530,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -19327,7 +19566,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`clientSecret` specifies a key of a Secret containing the OAuth2 +clientSecret defines a key of a Secret containing the OAuth2 client's secret. -- @@ -19364,7 +19603,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -ProxyConnectHeader optionally specifies headers to send to +proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -19429,7 +19668,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -TLS configuration to use when connecting to the OAuth2 server. +tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. It requires Prometheus >= v2.43.0. -- 
@@ -19445,42 +19684,42 @@ Type:: | `ca` | `object` -| Certificate authority used when verifying server certificates. +| ca defines the Certificate authority used when verifying server certificates. | `cert` | `object` -| Client certificate to present when doing client-authentication. +| cert defines the Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` -| Disable target certificate validation. +| insecureSkipVerify defines how to disable target certificate validation. | `keySecret` | `object` -| Secret containing the client key file for the targets. +| keySecret defines the Secret containing the client key file for the targets. | `maxVersion` | `string` -| Maximum acceptable TLS version. +| maxVersion defines the maximum acceptable TLS version. It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. | `minVersion` | `string` -| Minimum acceptable TLS version. +| minVersion defines the minimum acceptable TLS version. It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. | `serverName` | `string` -| Used to verify the hostname for the targets. +| serverName is used to verify the hostname for the targets. |=== === .spec.receivers[].wechatConfigs[].httpConfig.oauth2.tlsConfig.ca Description:: + -- -Certificate authority used when verifying server certificates. +ca defines the Certificate authority used when verifying server certificates. -- Type:: @@ -19495,18 +19734,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].wechatConfigs[].httpConfig.oauth2.tlsConfig.ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: 
@@ -19542,7 +19781,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -19578,7 +19817,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Client certificate to present when doing client-authentication. +cert defines the Client certificate to present when doing client-authentication. -- Type:: @@ -19593,18 +19832,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].wechatConfigs[].httpConfig.oauth2.tlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -19640,7 +19879,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -19676,7 +19915,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the client key file for the targets. +keySecret defines the Secret containing the client key file for the targets. -- Type:: @@ -19712,7 +19951,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -ProxyConnectHeader optionally specifies headers to send to +proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. 
@@ -19777,7 +20016,8 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -TLS configuration for the client. +tlsConfig defines the TLS configuration for the client. +This includes settings for certificates, CA validation, and TLS protocol options. -- Type:: @@ -19792,42 +20032,42 @@ Type:: | `ca` | `object` -| Certificate authority used when verifying server certificates. +| ca defines the Certificate authority used when verifying server certificates. | `cert` | `object` -| Client certificate to present when doing client-authentication. +| cert defines the Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` -| Disable target certificate validation. +| insecureSkipVerify defines how to disable target certificate validation. | `keySecret` | `object` -| Secret containing the client key file for the targets. +| keySecret defines the Secret containing the client key file for the targets. | `maxVersion` | `string` -| Maximum acceptable TLS version. +| maxVersion defines the maximum acceptable TLS version. It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. | `minVersion` | `string` -| Minimum acceptable TLS version. +| minVersion defines the minimum acceptable TLS version. It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. | `serverName` | `string` -| Used to verify the hostname for the targets. +| serverName is used to verify the hostname for the targets. |=== === .spec.receivers[].wechatConfigs[].httpConfig.tlsConfig.ca Description:: + -- -Certificate authority used when verifying server certificates. +ca defines the Certificate authority used when verifying server certificates. -- Type:: 
@@ -19842,18 +20082,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].wechatConfigs[].httpConfig.tlsConfig.ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -19889,7 +20129,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -19925,7 +20165,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Client certificate to present when doing client-authentication. +cert defines the Client certificate to present when doing client-authentication. -- Type:: @@ -19940,18 +20180,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.receivers[].wechatConfigs[].httpConfig.tlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -19987,7 +20227,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: 
@@ -20023,7 +20263,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the client key file for the targets. +keySecret defines the Secret containing the client key file for the targets. -- Type:: @@ -20059,7 +20299,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -The Alertmanager route definition for alerts matching the resource's +route defines the Alertmanager route definition for alerts matching the resource's namespace. If present, it will be added to the generated Alertmanager configuration as a first-level route. -- 
@@ -20076,35 +20316,35 @@ Type:: | `activeTimeIntervals` | `array (string)` -| ActiveTimeIntervals is a list of TimeInterval names when this route should be active. +| activeTimeIntervals is a list of TimeInterval names when this route should be active. | `continue` | `boolean` -| Boolean indicating whether an alert should continue matching subsequent +| continue defines the boolean indicating whether an alert should continue matching subsequent sibling nodes. It will always be overridden to true for the first-level route by the Prometheus operator. | `groupBy` | `array (string)` -| List of labels to group by. +| groupBy defines the list of labels to group by. Labels must not be repeated (unique list). Special label "..." (aggregate by all possible labels), if provided, must be the only element in the list. | `groupInterval` | `string` -| How long to wait before sending an updated notification. +| groupInterval defines how long to wait before sending an updated notification. Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` Example: "5m" | `groupWait` | `string` -| How long to wait before sending the initial notification. +| groupWait defines how long to wait before sending the initial notification. Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` Example: "30s" | `matchers` | `array` -| List of matchers that the alert's labels should match. For the first +| matchers defines the list of matchers that the alert's labels should match. For the first level route, the operator removes any existing equality and regexp matcher on the `namespace` label and adds a `namespace: ` matcher. 
@@ -20115,36 +20355,29 @@ namespace>` matcher. | `muteTimeIntervals` | `array (string)` -| Note: this comment applies to the field definition above but appears -below otherwise it gets included in the generated manifest. -CRD schema doesn't support self-referential types for now (see -https://github.com/kubernetes/kubernetes/issues/62872). We have to use -an alternative type to circumvent the limitation. The downside is that -the Kube API can't validate the data beyond the fact that it is a valid -JSON representation. -MuteTimeIntervals is a list of TimeInterval names that will mute this route when matched. +| muteTimeIntervals is a list of MuteTimeInterval names that will mute this route when matched, | `receiver` | `string` -| Name of the receiver for this route. If not empty, it should be listed in +| receiver defines the name of the receiver for this route. If not empty, it should be listed in the `receivers` field. | `repeatInterval` | `string` -| How long to wait before repeating the last notification. +| repeatInterval defines how long to wait before repeating the last notification. Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` Example: "4h" | `routes` | `array (undefined)` -| Child routes. +| routes defines the child routes. |=== === .spec.route.matchers Description:: + -- -List of matchers that the alert's labels should match. For the first +matchers defines the list of matchers that the alert's labels should match. For the first level route, the operator removes any existing equality and regexp matcher on the `namespace` label and adds a `namespace: ` matcher. 
@@ -20177,24 +20410,26 @@ Required:: | `matchType` | `string` -| Match operator, one of `=` (equal to), `!=` (not equal to), `=~` (regex -match) or `!~` (not regex match). -Negative operators (`!=` and `!~`) require Alertmanager >= v0.22.0. +| matchType defines the match operation available with AlertManager >= v0.22.0. +Takes precedence over Regex (deprecated) if non-empty. +Valid values: "=" (equality), "!=" (inequality), "=~" (regex match), "!~" (regex non-match). | `name` | `string` -| Label to match. +| name defines the label to match. +This specifies which alert label should be evaluated. | `value` | `string` -| Label value to match. +| value defines the label value to match. +This is the expected value for the specified label. |=== === .spec.timeIntervals Description:: + -- -List of TimeInterval specifying when the routes should be muted or active. +timeIntervals defines the list of timeIntervals specifying when the routes should be muted. -- Type:: @@ -20224,11 +20459,11 @@ Required:: | `name` | `string` -| Name of the time interval. +| name of the time interval. | `timeIntervals` | `array` -| TimeIntervals is a list of TimePeriod. +| timeIntervals defines a list of TimePeriod. | `timeIntervals[]` | `object` @@ -20239,7 +20474,7 @@ Required:: Description:: + -- -TimeIntervals is a list of TimePeriod. +timeIntervals defines a list of TimePeriod. -- Type:: @@ -20267,7 +20502,7 @@ Type:: | `daysOfMonth` | `array` -| DaysOfMonth is a list of DayOfMonthRange +| daysOfMonth defines a list of DayOfMonthRange | `daysOfMonth[]` | `object` @@ -20275,11 +20510,11 @@ Type:: | `months` | `array (string)` -| Months is a list of MonthRange +| months defines a list of MonthRange | `times` | `array` -| Times is a list of TimeRange +| times defines a list of TimeRange | `times[]` | `object` 
@@ -20287,18 +20522,18 @@ Type:: | `weekdays` | `array (string)` -| Weekdays is a list of WeekdayRange +| weekdays defines a list of WeekdayRange | `years` | `array (string)` -| Years is a list of YearRange +| years defines a list of YearRange |=== === .spec.timeIntervals[].timeIntervals[].daysOfMonth Description:: + -- -DaysOfMonth is a list of DayOfMonthRange +daysOfMonth defines a list of DayOfMonthRange -- Type:: @@ -20326,18 +20561,18 @@ Type:: | `end` | `integer` -| End of the inclusive range +| end of the inclusive range | `start` | `integer` -| Start of the inclusive range +| start of the inclusive range |=== === .spec.timeIntervals[].timeIntervals[].times Description:: + -- -Times is a list of TimeRange +times defines a list of TimeRange -- Type:: @@ -20365,11 +20600,11 @@ Type:: | `endTime` | `string` -| EndTime is the end time in 24hr format. +| endTime defines the end time in 24hr format. | `startTime` | `string` -| StartTime is the start time in 24hr format. +| startTime defines the start time in 24hr format. |=== diff --git a/rest_api/monitoring_apis/podmonitor-monitoring-coreos-com-v1.adoc b/rest_api/monitoring_apis/podmonitor-monitoring-coreos-com-v1.adoc index 805b36bf2c..d403b1a7c6 100644 --- a/rest_api/monitoring_apis/podmonitor-monitoring-coreos-com-v1.adoc +++ b/rest_api/monitoring_apis/podmonitor-monitoring-coreos-com-v1.adoc 
@@ -48,14 +48,23 @@ Required:: | `spec` | `object` -| Specification of desired Pod selection for target discovery by Prometheus. +| spec defines the specification of desired Pod selection for target discovery by Prometheus. + +| `status` +| `object` +| status defines the status subresource. It is under active development and is updated only when the +"StatusForConfigurationResources" feature gate is enabled. + +Most recent observed status of the PodMonitor. Read-only. +More info: +https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status |=== === .spec Description:: + -- -Specification of desired Pod selection for target discovery by Prometheus. +spec defines the specification of desired Pod selection for target discovery by Prometheus. -- Type:: 
@@ -72,32 +81,32 @@ Required:: | `attachMetadata` | `object` -| `attachMetadata` defines additional metadata which is added to the +| attachMetadata defines additional metadata which is added to the discovered targets. It requires Prometheus >= v2.35.0. | `bodySizeLimit` | `string` -| When defined, bodySizeLimit specifies a job level limit on the size +| bodySizeLimit when defined specifies a job level limit on the size of uncompressed response body that will be accepted by Prometheus. It requires Prometheus >= v2.28.0. | `convertClassicHistogramsToNHCB` | `boolean` -| Whether to convert all scraped classic histograms into a native histogram with custom buckets. +| convertClassicHistogramsToNHCB defines whether to convert all scraped classic histograms into a native histogram with custom buckets. It requires Prometheus >= v3.0.0. | `fallbackScrapeProtocol` | `string` -| The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. +| fallbackScrapeProtocol defines the protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. It requires Prometheus >= v3.0.0. | `jobLabel` | `string` -| The label to use to retrieve the job name from. +| jobLabel defines the label to use to retrieve the job name from. `jobLabel` selects the label from the associated Kubernetes `Pod` object which will be used as the `job` label for all metrics. 
@@ -110,49 +119,49 @@ defaults to the namespace and name of the PodMonitor object (e.g. `/< | `keepDroppedTargets` | `integer` -| Per-scrape limit on the number of targets dropped by relabeling +| keepDroppedTargets defines the per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit. It requires Prometheus >= v2.47.0. | `labelLimit` | `integer` -| Per-scrape limit on number of labels that will be accepted for a sample. +| labelLimit defines the per-scrape limit on number of labels that will be accepted for a sample. It requires Prometheus >= v2.27.0. | `labelNameLengthLimit` | `integer` -| Per-scrape limit on length of labels name that will be accepted for a sample. +| labelNameLengthLimit defines the per-scrape limit on length of labels name that will be accepted for a sample. It requires Prometheus >= v2.27.0. | `labelValueLengthLimit` | `integer` -| Per-scrape limit on length of labels value that will be accepted for a sample. +| labelValueLengthLimit defines the per-scrape limit on length of labels value that will be accepted for a sample. It requires Prometheus >= v2.27.0. | `namespaceSelector` | `object` -| `namespaceSelector` defines in which namespace(s) Prometheus should discover the pods. +| namespaceSelector defines in which namespace(s) Prometheus should discover the pods. By default, the pods are discovered in the same namespace as the `PodMonitor` object but it is possible to select pods across different/all namespaces. | `nativeHistogramBucketLimit` | `integer` -| If there are more than this many buckets in a native histogram, +| nativeHistogramBucketLimit defines ff there are more than this many buckets in a native histogram, buckets will be merged to stay within the limit. It requires Prometheus >= v2.45.0. 
| `nativeHistogramMinBucketFactor` | `integer-or-string` -| If the growth factor of one bucket to the next is smaller than this, +| nativeHistogramMinBucketFactor defines if the growth factor of one bucket to the next is smaller than this, buckets will be merged to increase the factor sufficiently. It requires Prometheus >= v2.50.0. | `podMetricsEndpoints` | `array` -| Defines how to scrape metrics from the selected pods. +| podMetricsEndpoints defines how to scrape metrics from the selected pods. | `podMetricsEndpoints[]` | `object` @@ -161,28 +170,28 @@ Prometheus. | `podTargetLabels` | `array (string)` -| `podTargetLabels` defines the labels which are transferred from the +| podTargetLabels defines the labels which are transferred from the associated Kubernetes `Pod` object onto the ingested metrics. | `sampleLimit` | `integer` -| `sampleLimit` defines a per-scrape limit on the number of scraped samples +| sampleLimit defines a per-scrape limit on the number of scraped samples that will be accepted. | `scrapeClass` | `string` -| The scrape class to apply. +| scrapeClass defines the scrape class to apply. | `scrapeClassicHistograms` | `boolean` -| Whether to scrape a classic histogram that is also exposed as a native histogram. +| scrapeClassicHistograms defines whether to scrape a classic histogram that is also exposed as a native histogram. It requires Prometheus >= v2.45.0. Notice: `scrapeClassicHistograms` corresponds to the `always_scrape_classic_histograms` field in the Prometheus configuration. | `scrapeProtocols` | `array (string)` -| `scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the +| scrapeProtocols defines the protocols to negotiate during a scrape. It tells clients the protocols supported by Prometheus in order of preference (from most to least preferred). If unset, Prometheus uses its default value. 
@@ -191,11 +200,11 @@ It requires Prometheus >= v2.49.0. | `selector` | `object` -| Label selector to select the Kubernetes `Pod` objects to scrape metrics from. +| selector defines the label selector to select the Kubernetes `Pod` objects to scrape metrics from. | `selectorMechanism` | `string` -| Mechanism used to select the endpoints to scrape. +| selectorMechanism defines the mechanism used to select the endpoints to scrape. By default, the selection process relies on relabel configurations to filter the discovered targets. Alternatively, you can opt in for role selectors, which may offer better efficiency in large clusters. Which strategy is best for your use case needs to be carefully evaluated. @@ -204,7 +213,7 @@ It requires Prometheus >= v2.17.0. | `targetLimit` | `integer` -| `targetLimit` defines a limit on the number of scraped targets that will +| targetLimit defines a limit on the number of scraped targets that will be accepted. |=== @@ -212,7 +221,7 @@ be accepted. Description:: + -- -`attachMetadata` defines additional metadata which is added to the +attachMetadata defines additional metadata which is added to the discovered targets. It requires Prometheus >= v2.35.0. @@ -230,7 +239,7 @@ Type:: | `node` | `boolean` -| When set to true, Prometheus attaches node metadata to the discovered +| node when set to true, Prometheus attaches node metadata to the discovered targets. The Prometheus service account must have the `list` and `watch` @@ -241,7 +250,7 @@ permissions on the `Nodes` objects. Description:: + -- -`namespaceSelector` defines in which namespace(s) Prometheus should discover the pods. +namespaceSelector defines in which namespace(s) Prometheus should discover the pods. By default, the pods are discovered in the same namespace as the `PodMonitor` object but it is possible to select pods across different/all namespaces. -- 
@@ -257,19 +266,19 @@ Type:: | `any` | `boolean` -| Boolean describing whether all namespaces are selected in contrast to a +| any defines the boolean describing whether all namespaces are selected in contrast to a list restricting them. | `matchNames` | `array (string)` -| List of namespace names to select from. +| matchNames defines the list of namespace names to select from. |=== === .spec.podMetricsEndpoints Description:: + -- -Defines how to scrape metrics from the selected pods. +podMetricsEndpoints defines how to scrape metrics from the selected pods. -- Type:: 
@@ -298,33 +307,36 @@ Type:: | `authorization` | `object` -| `authorization` configures the Authorization header credentials to use when -scraping the target. +| authorization configures the Authorization header credentials used by +the client. -Cannot be set at the same time as `basicAuth`, or `oauth2`. +Cannot be set at the same time as `basicAuth`, `bearerTokenSecret` or `oauth2`. | `basicAuth` | `object` -| `basicAuth` configures the Basic Authentication credentials to use when -scraping the target. +| basicAuth defines the Basic Authentication credentials used by the +client. -Cannot be set at the same time as `authorization`, or `oauth2`. +Cannot be set at the same time as `authorization`, `bearerTokenSecret` or `oauth2`. | `bearerTokenSecret` | `object` -| `bearerTokenSecret` specifies a key of a Secret containing the bearer -token for scraping targets. The secret needs to be in the same namespace -as the PodMonitor object and readable by the Prometheus Operator. +| bearerTokenSecret defines a key of a Secret containing the bearer token +used by the client for authentication. The secret needs to be in the +same namespace as the custom resource and readable by the Prometheus +Operator. + +Cannot be set at the same time as `authorization`, `basicAuth` or `oauth2`. Deprecated: use `authorization` instead. | `enableHttp2` | `boolean` -| `enableHttp2` can be used to disable HTTP2 when scraping the target. +| enableHttp2 can be used to disable HTTP2. | `filterRunning` | `boolean` -| When true, the pods which are not running (e.g. either in Failed or +| filterRunning when true, the pods which are not running (e.g. either in Failed or Succeeded state) are dropped during the target discovery. If unset, the filtering is enabled. 
@@ -333,28 +345,28 @@ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod | `followRedirects` | `boolean` -| `followRedirects` defines whether the scrape requests should follow HTTP -3xx redirects. +| followRedirects defines whether the client should follow HTTP 3xx +redirects. | `honorLabels` | `boolean` -| When true, `honorLabels` preserves the metric's labels when they collide +| honorLabels when true preserves the metric's labels when they collide with the target's labels. | `honorTimestamps` | `boolean` -| `honorTimestamps` controls whether Prometheus preserves the timestamps +| honorTimestamps defines whether Prometheus preserves the timestamps when exposed by the target. | `interval` | `string` -| Interval at which Prometheus scrapes the metrics from the target. +| interval at which Prometheus scrapes the metrics from the target. If empty, Prometheus uses the global scrape interval. | `metricRelabelings` | `array` -| `metricRelabelings` configures the relabeling rules to apply to the +| metricRelabelings defines the relabeling rules to apply to the samples before ingestion. | `metricRelabelings[]` @@ -366,7 +378,7 @@ More info: https://prometheus.io/docs/prometheus/latest/configuration/configurat | `noProxy` | `string` -| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names +| noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. 
@@ -374,39 +386,39 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `oauth2` | `object` -| `oauth2` configures the OAuth2 settings to use when scraping the target. +| oauth2 defines the OAuth2 settings used by the client. It requires Prometheus >= 2.27.0. -Cannot be set at the same time as `authorization`, or `basicAuth`. +Cannot be set at the same time as `authorization`, `basicAuth` or `bearerTokenSecret`. | `params` | `object` -| `params` define optional HTTP URL parameters. +| params define optional HTTP URL parameters. | `params{}` | `array (string)` -| +| | `path` | `string` -| HTTP path from which to scrape for metrics. +| path defines the HTTP path from which to scrape for metrics. If empty, Prometheus uses the default value (e.g. `/metrics`). | `port` | `string` -| The `Pod` port name which exposes the endpoint. +| port defines the `Pod` port name which exposes the endpoint. It takes precedence over the `portNumber` and `targetPort` fields. | `portNumber` | `integer` -| The `Pod` port number which exposes the endpoint. +| portNumber defines the `Pod` port number which exposes the endpoint. | `proxyConnectHeader` | `object` -| ProxyConnectHeader optionally specifies headers to send to +| proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. 
@@ -421,22 +433,22 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyFromEnvironment` | `boolean` -| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). +| proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyUrl` | `string` -| `proxyURL` defines the HTTP proxy server to use. +| proxyUrl defines the HTTP proxy server to use. | `relabelings` | `array` -| `relabelings` configures the relabeling rules to apply the target's +| relabelings defines the relabeling rules to apply the target's metadata labels. The Operator automatically adds relabelings for a few standard Kubernetes fields. -The original scrape job's name is available via the `\__tmp_prometheus_job_name` label. +The original scrape job's name is available via the `__tmp_prometheus_job_name` label. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config @@ -449,7 +461,7 @@ More info: https://prometheus.io/docs/prometheus/latest/configuration/configurat | `scheme` | `string` -| HTTP scheme to use for scraping. +| scheme defines the HTTP scheme to use for scraping. `http` and `https` are the expected values unless you rewrite the `__scheme__` label via relabeling. @@ -458,7 +470,7 @@ If empty, Prometheus uses the default value `http`. | `scrapeTimeout` | `string` -| Timeout after which Prometheus considers the scrape to be failed. +| scrapeTimeout defines the timeout after which Prometheus considers the scrape to be failed. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. 
@@ -466,18 +478,18 @@ The value cannot be greater than the scrape interval otherwise the operator will | `targetPort` | `integer-or-string` -| Name or number of the target port of the `Pod` object behind the Service, the +| targetPort defines the name or number of the target port of the `Pod` object behind the Service, the port must be specified with container port property. Deprecated: use 'port' or 'portNumber' instead. | `tlsConfig` | `object` -| TLS configuration to use when scraping the target. +| tlsConfig defines the TLS configuration used by the client. | `trackTimestampsStaleness` | `boolean` -| `trackTimestampsStaleness` defines whether Prometheus tracks staleness of +| trackTimestampsStaleness defines whether Prometheus tracks staleness of the metrics that have an explicit timestamp present in scraped data. Has no effect if `honorTimestamps` is false. @@ -488,10 +500,10 @@ It requires Prometheus >= v2.48.0. Description:: + -- -`authorization` configures the Authorization header credentials to use when -scraping the target. +authorization configures the Authorization header credentials used by +the client. -Cannot be set at the same time as `basicAuth`, or `oauth2`. +Cannot be set at the same time as `basicAuth`, `bearerTokenSecret` or `oauth2`. -- Type:: @@ -506,11 +518,11 @@ Type:: | `credentials` | `object` -| Selects a key of a Secret in the namespace that contains the credentials for authentication. +| credentials defines a key of a Secret in the namespace that contains the credentials for authentication. | `type` | `string` -| Defines the authentication type. The value is case-insensitive. +| type defines the authentication type. The value is case-insensitive. "Basic" is not a supported value. 
@@ -521,7 +533,7 @@ Default: "Bearer" Description:: + -- -Selects a key of a Secret in the namespace that contains the credentials for authentication. +credentials defines a key of a Secret in the namespace that contains the credentials for authentication. -- Type:: @@ -557,10 +569,10 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`basicAuth` configures the Basic Authentication credentials to use when -scraping the target. +basicAuth defines the Basic Authentication credentials used by the +client. -Cannot be set at the same time as `authorization`, or `oauth2`. +Cannot be set at the same time as `authorization`, `bearerTokenSecret` or `oauth2`. -- Type:: @@ -575,12 +587,12 @@ Type:: | `password` | `object` -| `password` specifies a key of a Secret containing the password for +| password defines a key of a Secret containing the password for authentication. | `username` | `object` -| `username` specifies a key of a Secret containing the username for +| username defines a key of a Secret containing the username for authentication. |=== @@ -588,7 +600,7 @@ authentication. Description:: + -- -`password` specifies a key of a Secret containing the password for +password defines a key of a Secret containing the password for authentication. -- @@ -625,7 +637,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`username` specifies a key of a Secret containing the username for +username defines a key of a Secret containing the username for authentication. -- 
@@ -662,9 +674,12 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`bearerTokenSecret` specifies a key of a Secret containing the bearer -token for scraping targets. The secret needs to be in the same namespace -as the PodMonitor object and readable by the Prometheus Operator. +bearerTokenSecret defines a key of a Secret containing the bearer token +used by the client for authentication. The secret needs to be in the +same namespace as the custom resource and readable by the Prometheus +Operator. + +Cannot be set at the same time as `authorization`, `basicAuth` or `oauth2`. Deprecated: use `authorization` instead. -- @@ -702,7 +717,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`metricRelabelings` configures the relabeling rules to apply to the +metricRelabelings defines the relabeling rules to apply to the samples before ingestion. -- @@ -734,7 +749,7 @@ Type:: | `action` | `string` -| Action to perform based on the regex matching. +| action to perform based on the regex matching. `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. 
@@ -743,34 +758,34 @@ Default: "Replace" | `modulus` | `integer` -| Modulus to take of the hash of the source label values. +| modulus to take of the hash of the source label values. Only applicable when the action is `HashMod`. | `regex` | `string` -| Regular expression against which the extracted value is matched. +| regex defines the regular expression against which the extracted value is matched. | `replacement` | `string` -| Replacement value against which a Replace action is performed if the +| replacement value against which a Replace action is performed if the regular expression matches. Regex capture groups are available. | `separator` | `string` -| Separator is the string between concatenated SourceLabels. +| separator defines the string between concatenated SourceLabels. | `sourceLabels` | `array (string)` -| The source labels select values from existing labels. Their content is +| sourceLabels defines the source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression. | `targetLabel` | `string` -| Label to which the resulting string is written in a replacement. +| targetLabel defines the label to which the resulting string is written in a replacement. It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. @@ -782,11 +797,11 @@ Regex capture groups are available. Description:: + -- -`oauth2` configures the OAuth2 settings to use when scraping the target. +oauth2 defines the OAuth2 settings used by the client. It requires Prometheus >= 2.27.0. -Cannot be set at the same time as `authorization`, or `basicAuth`. +Cannot be set at the same time as `authorization`, `basicAuth` or `bearerTokenSecret`. -- Type:: 
@@ -805,22 +820,22 @@ Required:: | `clientId` | `object` -| `clientId` specifies a key of a Secret or ConfigMap containing the +| clientId defines a key of a Secret or ConfigMap containing the OAuth2 client's ID. | `clientSecret` | `object` -| `clientSecret` specifies a key of a Secret containing the OAuth2 +| clientSecret defines a key of a Secret containing the OAuth2 client's secret. | `endpointParams` | `object (string)` -| `endpointParams` configures the HTTP parameters to append to the token +| endpointParams configures the HTTP parameters to append to the token URL. | `noProxy` | `string` -| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names +| noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. @@ -828,14 +843,14 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyConnectHeader` | `object` -| ProxyConnectHeader optionally specifies headers to send to +| proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyConnectHeader{}` | `array` -| +| | `proxyConnectHeader{}[]` | `object` 
@@ -843,33 +858,33 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyFromEnvironment` | `boolean` -| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). +| proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyUrl` | `string` -| `proxyURL` defines the HTTP proxy server to use. +| proxyUrl defines the HTTP proxy server to use. | `scopes` | `array (string)` -| `scopes` defines the OAuth2 scopes used for the token request. +| scopes defines the OAuth2 scopes used for the token request. | `tlsConfig` | `object` -| TLS configuration to use when connecting to the OAuth2 server. +| tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. It requires Prometheus >= v2.43.0. | `tokenUrl` | `string` -| `tokenURL` configures the URL to fetch the token from. +| tokenUrl defines the URL to fetch the token from. |=== === .spec.podMetricsEndpoints[].oauth2.clientId Description:: + -- -`clientId` specifies a key of a Secret or ConfigMap containing the +clientId defines a key of a Secret or ConfigMap containing the OAuth2 client's ID. -- @@ -885,18 +900,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.podMetricsEndpoints[].oauth2.clientId.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: 
@@ -932,7 +947,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -968,7 +983,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`clientSecret` specifies a key of a Secret containing the OAuth2 +clientSecret defines a key of a Secret containing the OAuth2 client's secret. -- @@ -1005,7 +1020,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -ProxyConnectHeader optionally specifies headers to send to +proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -1070,7 +1085,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -TLS configuration to use when connecting to the OAuth2 server. +tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. It requires Prometheus >= v2.43.0. -- 
@@ -1086,42 +1101,42 @@ Type:: | `ca` | `object` -| Certificate authority used when verifying server certificates. +| ca defines the Certificate authority used when verifying server certificates. | `cert` | `object` -| Client certificate to present when doing client-authentication. +| cert defines the Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` -| Disable target certificate validation. +| insecureSkipVerify defines how to disable target certificate validation. | `keySecret` | `object` -| Secret containing the client key file for the targets. +| keySecret defines the Secret containing the client key file for the targets. | `maxVersion` | `string` -| Maximum acceptable TLS version. +| maxVersion defines the maximum acceptable TLS version. It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. | `minVersion` | `string` -| Minimum acceptable TLS version. +| minVersion defines the minimum acceptable TLS version. It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. | `serverName` | `string` -| Used to verify the hostname for the targets. +| serverName is used to verify the hostname for the targets. |=== === .spec.podMetricsEndpoints[].oauth2.tlsConfig.ca Description:: + -- -Certificate authority used when verifying server certificates. +ca defines the Certificate authority used when verifying server certificates. -- Type:: @@ -1136,18 +1151,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.podMetricsEndpoints[].oauth2.tlsConfig.ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: 
@@ -1183,7 +1198,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -1219,7 +1234,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Client certificate to present when doing client-authentication. +cert defines the Client certificate to present when doing client-authentication. -- Type:: @@ -1234,18 +1249,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.podMetricsEndpoints[].oauth2.tlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -1281,7 +1296,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -1317,7 +1332,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the client key file for the targets. +keySecret defines the Secret containing the client key file for the targets. -- Type:: @@ -1353,7 +1368,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`params` define optional HTTP URL parameters. +params define optional HTTP URL parameters. -- Type:: 
@@ -1366,7 +1381,7 @@ Type:: Description:: + -- -ProxyConnectHeader optionally specifies headers to send to +proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -1431,12 +1446,12 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`relabelings` configures the relabeling rules to apply the target's +relabelings defines the relabeling rules to apply the target's metadata labels. The Operator automatically adds relabelings for a few standard Kubernetes fields. -The original scrape job's name is available via the `\__tmp_prometheus_job_name` label. +The original scrape job's name is available via the `__tmp_prometheus_job_name` label. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config -- @@ -1469,7 +1484,7 @@ Type:: | `action` | `string` -| Action to perform based on the regex matching. +| action to perform based on the regex matching. `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. 
@@ -1478,34 +1493,34 @@ Default: "Replace" | `modulus` | `integer` -| Modulus to take of the hash of the source label values. +| modulus to take of the hash of the source label values. Only applicable when the action is `HashMod`. | `regex` | `string` -| Regular expression against which the extracted value is matched. +| regex defines the regular expression against which the extracted value is matched. | `replacement` | `string` -| Replacement value against which a Replace action is performed if the +| replacement value against which a Replace action is performed if the regular expression matches. Regex capture groups are available. | `separator` | `string` -| Separator is the string between concatenated SourceLabels. +| separator defines the string between concatenated SourceLabels. | `sourceLabels` | `array (string)` -| The source labels select values from existing labels. Their content is +| sourceLabels defines the source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression. | `targetLabel` | `string` -| Label to which the resulting string is written in a replacement. +| targetLabel defines the label to which the resulting string is written in a replacement. It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. @@ -1517,7 +1532,7 @@ Regex capture groups are available. Description:: + -- -TLS configuration to use when scraping the target. +tlsConfig defines the TLS configuration used by the client. -- Type:: 
@@ -1532,42 +1547,42 @@ Type:: | `ca` | `object` -| Certificate authority used when verifying server certificates. +| ca defines the Certificate authority used when verifying server certificates. | `cert` | `object` -| Client certificate to present when doing client-authentication. +| cert defines the Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` -| Disable target certificate validation. +| insecureSkipVerify defines how to disable target certificate validation. | `keySecret` | `object` -| Secret containing the client key file for the targets. +| keySecret defines the Secret containing the client key file for the targets. | `maxVersion` | `string` -| Maximum acceptable TLS version. +| maxVersion defines the maximum acceptable TLS version. It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. | `minVersion` | `string` -| Minimum acceptable TLS version. +| minVersion defines the minimum acceptable TLS version. It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. | `serverName` | `string` -| Used to verify the hostname for the targets. +| serverName is used to verify the hostname for the targets. |=== === .spec.podMetricsEndpoints[].tlsConfig.ca Description:: + -- -Certificate authority used when verifying server certificates. +ca defines the Certificate authority used when verifying server certificates. -- Type:: @@ -1582,18 +1597,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.podMetricsEndpoints[].tlsConfig.ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: 
@@ -1629,7 +1644,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -1665,7 +1680,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Client certificate to present when doing client-authentication. +cert defines the Client certificate to present when doing client-authentication. -- Type:: @@ -1680,18 +1695,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.podMetricsEndpoints[].tlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -1727,7 +1742,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -1763,7 +1778,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the client key file for the targets. +keySecret defines the Secret containing the client key file for the targets. -- Type:: @@ -1799,7 +1814,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Label selector to select the Kubernetes `Pod` objects to scrape metrics from. +selector defines the label selector to select the Kubernetes `Pod` objects to scrape metrics from. -- Type:: 
@@ -1878,6 +1893,160 @@ the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. +|=== +=== .status +Description:: ++ +-- +status defines the status subresource. It is under active development and is updated only when the +"StatusForConfigurationResources" feature gate is enabled. + +Most recent observed status of the PodMonitor. Read-only. +More info: +https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `bindings` +| `array` +| bindings defines the list of workload resources (Prometheus, PrometheusAgent, ThanosRuler or Alertmanager) which select the configuration resource. + +| `bindings[]` +| `object` +| WorkloadBinding is a link between a configuration resource and a workload resource. + +|=== +=== .status.bindings +Description:: ++ +-- +bindings defines the list of workload resources (Prometheus, PrometheusAgent, ThanosRuler or Alertmanager) which select the configuration resource. +-- + +Type:: + `array` + + + + +=== .status.bindings[] +Description:: ++ +-- +WorkloadBinding is a link between a configuration resource and a workload resource. +-- + +Type:: + `object` + +Required:: + - `group` + - `name` + - `namespace` + - `resource` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `conditions` +| `array` +| conditions defines the current state of the configuration resource when bound to the referenced Workload object. + +| `conditions[]` +| `object` +| ConfigResourceCondition describes the status of configuration resources linked to Prometheus, PrometheusAgent, Alertmanager or ThanosRuler. + +| `group` +| `string` +| group defines the group of the referenced resource. + +| `name` +| `string` +| name defines the name of the referenced object. 
+ +| `namespace` +| `string` +| namespace defines the namespace of the referenced object. + +| `resource` +| `string` +| resource defines the type of resource being referenced (e.g. Prometheus, PrometheusAgent, ThanosRuler or Alertmanager). + +|=== +=== .status.bindings[].conditions +Description:: ++ +-- +conditions defines the current state of the configuration resource when bound to the referenced Workload object. +-- + +Type:: + `array` + + + + +=== .status.bindings[].conditions[] +Description:: ++ +-- +ConfigResourceCondition describes the status of configuration resources linked to Prometheus, PrometheusAgent, Alertmanager or ThanosRuler. +-- + +Type:: + `object` + +Required:: + - `lastTransitionTime` + - `status` + - `type` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `lastTransitionTime` +| `string` +| lastTransitionTime defines the time of the last update to the current status property. + +| `message` +| `string` +| message defines the human-readable message indicating details for the condition's last transition. + +| `observedGeneration` +| `integer` +| observedGeneration defines the .metadata.generation that the +condition was set based upon. For instance, if `.metadata.generation` is +currently 12, but the `.status.conditions[].observedGeneration` is 9, the +condition is out of date with respect to the current state of the object. + +| `reason` +| `string` +| reason for the condition's last transition. + +| `status` +| `string` +| status of the condition. + +| `type` +| `string` +| type of the condition being reported. +Currently, only "Accepted" is supported. + |=== == API endpoints 
@@ -1895,6 +2064,10 @@ The following API endpoints are available: - `GET`: read the specified PodMonitor - `PATCH`: partially update the specified PodMonitor - `PUT`: replace the specified PodMonitor +* `/apis/monitoring.coreos.com/v1/namespaces/{namespace}/podmonitors/{name}/status` +- `GET`: read status of the specified PodMonitor +- `PATCH`: partially update status of the specified PodMonitor +- `PUT`: replace status of the specified PodMonitor === /apis/monitoring.coreos.com/v1/podmonitors @@ -1986,7 +2159,7 @@ Description:: | Parameter | Type | Description | `body` | xref:../monitoring_apis/podmonitor-monitoring-coreos-com-v1.adoc#podmonitor-monitoring-coreos-com-v1[`PodMonitor`] schema -| +| |=== .HTTP responses 
@@ -2119,7 +2292,109 @@ Description:: | Parameter | Type | Description | `body` | xref:../monitoring_apis/podmonitor-monitoring-coreos-com-v1.adoc#podmonitor-monitoring-coreos-com-v1[`PodMonitor`] schema -| +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../monitoring_apis/podmonitor-monitoring-coreos-com-v1.adoc#podmonitor-monitoring-coreos-com-v1[`PodMonitor`] schema +| 201 - Created +| xref:../monitoring_apis/podmonitor-monitoring-coreos-com-v1.adoc#podmonitor-monitoring-coreos-com-v1[`PodMonitor`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/monitoring.coreos.com/v1/namespaces/{namespace}/podmonitors/{name}/status + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the PodMonitor +|=== + + +HTTP method:: + `GET` + +Description:: + read status of the specified PodMonitor + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../monitoring_apis/podmonitor-monitoring-coreos-com-v1.adoc#podmonitor-monitoring-coreos-com-v1[`PodMonitor`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update status of the specified PodMonitor + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. 
Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../monitoring_apis/podmonitor-monitoring-coreos-com-v1.adoc#podmonitor-monitoring-coreos-com-v1[`PodMonitor`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace status of the specified PodMonitor + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. 
- Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../monitoring_apis/podmonitor-monitoring-coreos-com-v1.adoc#podmonitor-monitoring-coreos-com-v1[`PodMonitor`] schema +| |=== .HTTP responses diff --git a/rest_api/monitoring_apis/probe-monitoring-coreos-com-v1.adoc b/rest_api/monitoring_apis/probe-monitoring-coreos-com-v1.adoc index 7609ad1e5b..c5837632c2 100644 --- a/rest_api/monitoring_apis/probe-monitoring-coreos-com-v1.adoc +++ b/rest_api/monitoring_apis/probe-monitoring-coreos-com-v1.adoc @@ -47,14 +47,23 @@ Required:: | `spec` | `object` -| Specification of desired Ingress selection for target discovery by Prometheus. +| spec defines the specification of desired Ingress selection for target discovery by Prometheus. + +| `status` +| `object` +| status defines the status subresource. It is under active development and is updated only when the +"StatusForConfigurationResources" feature gate is enabled. + +Most recent observed status of the Probe. Read-only. +More info: +https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status |=== === .spec Description:: + -- -Specification of desired Ingress selection for target discovery by Prometheus. +spec defines the specification of desired Ingress selection for target discovery by Prometheus. -- Type:: 
@@ -69,64 +78,64 @@ Type:: | `authorization` | `object` -| Authorization section for this endpoint +| authorization section for this endpoint | `basicAuth` | `object` -| BasicAuth allow an endpoint to authenticate over basic authentication. +| basicAuth allow an endpoint to authenticate over basic authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint | `bearerTokenSecret` | `object` -| Secret to mount to read bearer token for scraping targets. The secret +| bearerTokenSecret defines the secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the probe and accessible by the Prometheus Operator. | `convertClassicHistogramsToNHCB` | `boolean` -| Whether to convert all scraped classic histograms into a native histogram with custom buckets. +| convertClassicHistogramsToNHCB defines whether to convert all scraped classic histograms into a native histogram with custom buckets. It requires Prometheus >= v3.0.0. | `fallbackScrapeProtocol` | `string` -| The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. +| fallbackScrapeProtocol defines the protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. It requires Prometheus >= v3.0.0. | `interval` | `string` -| Interval at which targets are probed using the configured prober. +| interval at which targets are probed using the configured prober. If not specified Prometheus' global scrape interval is used. | `jobName` | `string` -| The job name assigned to scraped metrics by default. +| jobName assigned to scraped metrics by default. | `keepDroppedTargets` | `integer` -| Per-scrape limit on the number of targets dropped by relabeling +| keepDroppedTargets defines the per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit. It requires Prometheus >= v2.47.0. 
| `labelLimit` | `integer` -| Per-scrape limit on number of labels that will be accepted for a sample. +| labelLimit defines the per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. | `labelNameLengthLimit` | `integer` -| Per-scrape limit on length of labels name that will be accepted for a sample. +| labelNameLengthLimit defines the per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. | `labelValueLengthLimit` | `integer` -| Per-scrape limit on length of labels value that will be accepted for a sample. +| labelValueLengthLimit defines the per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. | `metricRelabelings` | `array` -| MetricRelabelConfigs to apply to samples before ingestion. +| metricRelabelings defines the RelabelConfig to apply to samples before ingestion. | `metricRelabelings[]` | `object` 
@@ -137,29 +146,29 @@ More info: https://prometheus.io/docs/prometheus/latest/configuration/configurat | `module` | `string` -| The module to use for probing specifying how to probe the target. +| module to use for probing specifying how to probe the target. Example module configuring in the blackbox exporter: https://github.com/prometheus/blackbox_exporter/blob/master/example.yml | `nativeHistogramBucketLimit` | `integer` -| If there are more than this many buckets in a native histogram, +| nativeHistogramBucketLimit defines ff there are more than this many buckets in a native histogram, buckets will be merged to stay within the limit. It requires Prometheus >= v2.45.0. | `nativeHistogramMinBucketFactor` | `integer-or-string` -| If the growth factor of one bucket to the next is smaller than this, +| nativeHistogramMinBucketFactor defines if the growth factor of one bucket to the next is smaller than this, buckets will be merged to increase the factor sufficiently. It requires Prometheus >= v2.50.0. | `oauth2` | `object` -| OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer. +| oauth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer. | `params` | `array` -| The list of HTTP query parameters for the scrape. +| params defines the list of HTTP query parameters for the scrape. Please note that the `.spec.module` field takes precedence over the `module` parameter from this list when both are defined. The module name must be added using Module under ProbeSpec. 
@@ -169,27 +178,27 @@ The module name must be added using Module under ProbeSpec. | `prober` | `object` -| Specification for the prober to use for probing targets. +| prober defines the specification for the prober to use for probing targets. The prober.URL parameter is required. Targets cannot be probed if left empty. | `sampleLimit` | `integer` -| SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. +| sampleLimit defines per-scrape limit on number of scraped samples that will be accepted. | `scrapeClass` | `string` -| The scrape class to apply. +| scrapeClass defines the scrape class to apply. | `scrapeClassicHistograms` | `boolean` -| Whether to scrape a classic histogram that is also exposed as a native histogram. +| scrapeClassicHistograms defines whether to scrape a classic histogram that is also exposed as a native histogram. It requires Prometheus >= v2.45.0. Notice: `scrapeClassicHistograms` corresponds to the `always_scrape_classic_histograms` field in the Prometheus configuration. | `scrapeProtocols` | `array (string)` -| `scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the +| scrapeProtocols defines the protocols to negotiate during a scrape. It tells clients the protocols supported by Prometheus in order of preference (from most to least preferred). If unset, Prometheus uses its default value. 
@@ -198,28 +207,28 @@ It requires Prometheus >= v2.49.0. | `scrapeTimeout` | `string` -| Timeout for scraping metrics from the Prometheus exporter. +| scrapeTimeout defines the timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. The value cannot be greater than the scrape interval otherwise the operator will reject the resource. | `targetLimit` | `integer` -| TargetLimit defines a limit on the number of scraped targets that will be accepted. +| targetLimit defines a limit on the number of scraped targets that will be accepted. | `targets` | `object` -| Targets defines a set of static or dynamically discovered targets to probe. +| targets defines a set of static or dynamically discovered targets to probe. | `tlsConfig` | `object` -| TLS configuration to use when scraping the endpoint. +| tlsConfig defines the TLS configuration to use when scraping the endpoint. |=== === .spec.authorization Description:: + -- -Authorization section for this endpoint +authorization section for this endpoint -- Type:: @@ -234,11 +243,11 @@ Type:: | `credentials` | `object` -| Selects a key of a Secret in the namespace that contains the credentials for authentication. +| credentials defines a key of a Secret in the namespace that contains the credentials for authentication. | `type` | `string` -| Defines the authentication type. The value is case-insensitive. +| type defines the authentication type. The value is case-insensitive. "Basic" is not a supported value. @@ -249,7 +258,7 @@ Default: "Bearer" Description:: + -- -Selects a key of a Secret in the namespace that contains the credentials for authentication. +credentials defines a key of a Secret in the namespace that contains the credentials for authentication. -- Type:: 
@@ -285,7 +294,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -BasicAuth allow an endpoint to authenticate over basic authentication. +basicAuth allow an endpoint to authenticate over basic authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint -- @@ -301,12 +310,12 @@ Type:: | `password` | `object` -| `password` specifies a key of a Secret containing the password for +| password defines a key of a Secret containing the password for authentication. | `username` | `object` -| `username` specifies a key of a Secret containing the username for +| username defines a key of a Secret containing the username for authentication. |=== @@ -314,7 +323,7 @@ authentication. Description:: + -- -`password` specifies a key of a Secret containing the password for +password defines a key of a Secret containing the password for authentication. -- @@ -351,7 +360,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`username` specifies a key of a Secret containing the username for +username defines a key of a Secret containing the username for authentication. -- @@ -388,7 +397,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret to mount to read bearer token for scraping targets. The secret +bearerTokenSecret defines the secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the probe and accessible by the Prometheus Operator. -- @@ -426,7 +435,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -MetricRelabelConfigs to apply to samples before ingestion. +metricRelabelings defines the RelabelConfig to apply to samples before ingestion. -- Type:: 
@@ -457,7 +466,7 @@ Type:: | `action` | `string` -| Action to perform based on the regex matching. +| action to perform based on the regex matching. `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. @@ -466,34 +475,34 @@ Default: "Replace" | `modulus` | `integer` -| Modulus to take of the hash of the source label values. +| modulus to take of the hash of the source label values. Only applicable when the action is `HashMod`. | `regex` | `string` -| Regular expression against which the extracted value is matched. +| regex defines the regular expression against which the extracted value is matched. | `replacement` | `string` -| Replacement value against which a Replace action is performed if the +| replacement value against which a Replace action is performed if the regular expression matches. Regex capture groups are available. | `separator` | `string` -| Separator is the string between concatenated SourceLabels. +| separator defines the string between concatenated SourceLabels. | `sourceLabels` | `array (string)` -| The source labels select values from existing labels. Their content is +| sourceLabels defines the source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression. | `targetLabel` | `string` -| Label to which the resulting string is written in a replacement. +| targetLabel defines the label to which the resulting string is written in a replacement. It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. @@ -505,7 +514,7 @@ Regex capture groups are available. Description:: + -- -OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer. +oauth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer. -- Type:: 
@@ -524,22 +533,22 @@ Required:: | `clientId` | `object` -| `clientId` specifies a key of a Secret or ConfigMap containing the +| clientId defines a key of a Secret or ConfigMap containing the OAuth2 client's ID. | `clientSecret` | `object` -| `clientSecret` specifies a key of a Secret containing the OAuth2 +| clientSecret defines a key of a Secret containing the OAuth2 client's secret. | `endpointParams` | `object (string)` -| `endpointParams` configures the HTTP parameters to append to the token +| endpointParams configures the HTTP parameters to append to the token URL. | `noProxy` | `string` -| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names +| noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. @@ -547,14 +556,14 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyConnectHeader` | `object` -| ProxyConnectHeader optionally specifies headers to send to +| proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyConnectHeader{}` | `array` -| +| | `proxyConnectHeader{}[]` | `object` 
@@ -562,33 +571,33 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyFromEnvironment` | `boolean` -| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). +| proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyUrl` | `string` -| `proxyURL` defines the HTTP proxy server to use. +| proxyUrl defines the HTTP proxy server to use. | `scopes` | `array (string)` -| `scopes` defines the OAuth2 scopes used for the token request. +| scopes defines the OAuth2 scopes used for the token request. | `tlsConfig` | `object` -| TLS configuration to use when connecting to the OAuth2 server. +| tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. It requires Prometheus >= v2.43.0. | `tokenUrl` | `string` -| `tokenURL` configures the URL to fetch the token from. +| tokenUrl defines the URL to fetch the token from. |=== === .spec.oauth2.clientId Description:: + -- -`clientId` specifies a key of a Secret or ConfigMap containing the +clientId defines a key of a Secret or ConfigMap containing the OAuth2 client's ID. -- @@ -604,18 +613,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.oauth2.clientId.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: 
@@ -651,7 +660,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -687,7 +696,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`clientSecret` specifies a key of a Secret containing the OAuth2 +clientSecret defines a key of a Secret containing the OAuth2 client's secret. -- @@ -724,7 +733,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -ProxyConnectHeader optionally specifies headers to send to +proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -789,7 +798,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -TLS configuration to use when connecting to the OAuth2 server. +tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. It requires Prometheus >= v2.43.0. -- 
@@ -805,42 +814,42 @@ Type:: | `ca` | `object` -| Certificate authority used when verifying server certificates. +| ca defines the Certificate authority used when verifying server certificates. | `cert` | `object` -| Client certificate to present when doing client-authentication. +| cert defines the Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` -| Disable target certificate validation. +| insecureSkipVerify defines how to disable target certificate validation. | `keySecret` | `object` -| Secret containing the client key file for the targets. +| keySecret defines the Secret containing the client key file for the targets. | `maxVersion` | `string` -| Maximum acceptable TLS version. +| maxVersion defines the maximum acceptable TLS version. It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. | `minVersion` | `string` -| Minimum acceptable TLS version. +| minVersion defines the minimum acceptable TLS version. It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. | `serverName` | `string` -| Used to verify the hostname for the targets. +| serverName is used to verify the hostname for the targets. |=== === .spec.oauth2.tlsConfig.ca Description:: + -- -Certificate authority used when verifying server certificates. +ca defines the Certificate authority used when verifying server certificates. -- Type:: @@ -855,18 +864,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.oauth2.tlsConfig.ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: 
@@ -902,7 +911,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -938,7 +947,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Client certificate to present when doing client-authentication. +cert defines the Client certificate to present when doing client-authentication. -- Type:: @@ -953,18 +962,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.oauth2.tlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -1000,7 +1009,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -1036,7 +1045,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the client key file for the targets. +keySecret defines the Secret containing the client key file for the targets. -- Type:: @@ -1072,7 +1081,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -The list of HTTP query parameters for the scrape. +params defines the list of HTTP query parameters for the scrape. Please note that the `.spec.module` field takes precedence over the `module` parameter from this list when both are defined. The module name must be added using Module under ProbeSpec. -- 
@@ -1104,18 +1113,18 @@ Required:: | `name` | `string` -| The parameter name +| name defines the parameter name | `values` | `array (string)` -| The parameter values +| values defines the parameter values |=== === .spec.prober Description:: + -- -Specification for the prober to use for probing targets. +prober defines the specification for the prober to use for probing targets. The prober.URL parameter is required. Targets cannot be probed if left empty. -- @@ -1133,7 +1142,7 @@ Required:: | `noProxy` | `string` -| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names +| noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. @@ -1141,12 +1150,12 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `path` | `string` -| Path to collect metrics from. +| path to collect metrics from. Defaults to `/probe`. | `proxyConnectHeader` | `object` -| ProxyConnectHeader optionally specifies headers to send to +| proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. 
@@ -1161,30 +1170,30 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyFromEnvironment` | `boolean` -| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). +| proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyUrl` | `string` -| `proxyURL` defines the HTTP proxy server to use. +| proxyUrl defines the HTTP proxy server to use. | `scheme` | `string` -| HTTP scheme to use for scraping. +| scheme defines the HTTP scheme to use for scraping. `http` and `https` are the expected values unless you rewrite the `__scheme__` label via relabeling. If empty, Prometheus uses the default value `http`. | `url` | `string` -| Mandatory URL of the prober. +| url defines the mandatory URL of the prober. |=== === .spec.prober.proxyConnectHeader Description:: + -- -ProxyConnectHeader optionally specifies headers to send to +proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -1249,7 +1258,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Targets defines a set of static or dynamically discovered targets to probe. +targets defines a set of static or dynamically discovered targets to probe. -- Type:: 
@@ -1297,16 +1306,16 @@ Type:: | `namespaceSelector` | `object` -| From which namespaces to select Ingress objects. +| namespaceSelector defines from which namespaces to select Ingress objects. | `relabelingConfigs` | `array` -| RelabelConfigs to apply to the label set of the target before it gets +| relabelingConfigs to apply to the label set of the target before it gets scraped. The original ingress address is available via the -`\__tmp_prometheus_ingress_address` label. It can be used to customize the +`__tmp_prometheus_ingress_address` label. It can be used to customize the probed URL. -The original scrape job's name is available via the `\__tmp_prometheus_job_name` label. +The original scrape job's name is available via the `__tmp_prometheus_job_name` label. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config | `relabelingConfigs[]` @@ -1318,14 +1327,14 @@ More info: https://prometheus.io/docs/prometheus/latest/configuration/configurat | `selector` | `object` -| Selector to select the Ingress objects. +| selector to select the Ingress objects. |=== === .spec.targets.ingress.namespaceSelector Description:: + -- -From which namespaces to select Ingress objects. +namespaceSelector defines from which namespaces to select Ingress objects. -- Type:: 
@@ -1340,24 +1349,24 @@ Type:: | `any` | `boolean` -| Boolean describing whether all namespaces are selected in contrast to a +| any defines the boolean describing whether all namespaces are selected in contrast to a list restricting them. | `matchNames` | `array (string)` -| List of namespace names to select from. +| matchNames defines the list of namespace names to select from. |=== === .spec.targets.ingress.relabelingConfigs Description:: + -- -RelabelConfigs to apply to the label set of the target before it gets +relabelingConfigs to apply to the label set of the target before it gets scraped. The original ingress address is available via the -`\__tmp_prometheus_ingress_address` label. It can be used to customize the +`__tmp_prometheus_ingress_address` label. It can be used to customize the probed URL. -The original scrape job's name is available via the `\__tmp_prometheus_job_name` label. +The original scrape job's name is available via the `__tmp_prometheus_job_name` label. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config -- @@ -1389,7 +1398,7 @@ Type:: | `action` | `string` -| Action to perform based on the regex matching. +| action to perform based on the regex matching. `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. 
@@ -1398,34 +1407,34 @@ Default: "Replace" | `modulus` | `integer` -| Modulus to take of the hash of the source label values. +| modulus to take of the hash of the source label values. Only applicable when the action is `HashMod`. | `regex` | `string` -| Regular expression against which the extracted value is matched. +| regex defines the regular expression against which the extracted value is matched. | `replacement` | `string` -| Replacement value against which a Replace action is performed if the +| replacement value against which a Replace action is performed if the regular expression matches. Regex capture groups are available. | `separator` | `string` -| Separator is the string between concatenated SourceLabels. +| separator defines the string between concatenated SourceLabels. | `sourceLabels` | `array (string)` -| The source labels select values from existing labels. Their content is +| sourceLabels defines the source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression. | `targetLabel` | `string` -| Label to which the resulting string is written in a replacement. +| targetLabel defines the label to which the resulting string is written in a replacement. It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. @@ -1437,7 +1446,7 @@ Regex capture groups are available. Description:: + -- -Selector to select the Ingress objects. +selector to select the Ingress objects. -- Type:: 
@@ -1539,11 +1548,11 @@ Type:: | `labels` | `object (string)` -| Labels assigned to all metrics scraped from the targets. +| labels defines all labels assigned to all metrics scraped from the targets. | `relabelingConfigs` | `array` -| RelabelConfigs to apply to the label set of the targets before it gets +| relabelingConfigs defines relabelings to be apply to the label set of the targets before it gets scraped. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config @@ -1556,14 +1565,14 @@ More info: https://prometheus.io/docs/prometheus/latest/configuration/configurat | `static` | `array (string)` -| The list of hosts to probe. +| static defines the list of hosts to probe. |=== === .spec.targets.staticConfig.relabelingConfigs Description:: + -- -RelabelConfigs to apply to the label set of the targets before it gets +relabelingConfigs defines relabelings to be apply to the label set of the targets before it gets scraped. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config -- @@ -1596,7 +1605,7 @@ Type:: | `action` | `string` -| Action to perform based on the regex matching. +| action to perform based on the regex matching. `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. 
@@ -1605,34 +1614,34 @@ Default: "Replace" | `modulus` | `integer` -| Modulus to take of the hash of the source label values. +| modulus to take of the hash of the source label values. Only applicable when the action is `HashMod`. | `regex` | `string` -| Regular expression against which the extracted value is matched. +| regex defines the regular expression against which the extracted value is matched. | `replacement` | `string` -| Replacement value against which a Replace action is performed if the +| replacement value against which a Replace action is performed if the regular expression matches. Regex capture groups are available. | `separator` | `string` -| Separator is the string between concatenated SourceLabels. +| separator defines the string between concatenated SourceLabels. | `sourceLabels` | `array (string)` -| The source labels select values from existing labels. Their content is +| sourceLabels defines the source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression. | `targetLabel` | `string` -| Label to which the resulting string is written in a replacement. +| targetLabel defines the label to which the resulting string is written in a replacement. It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. @@ -1644,7 +1653,7 @@ Regex capture groups are available. Description:: + -- -TLS configuration to use when scraping the endpoint. +tlsConfig defines the TLS configuration to use when scraping the endpoint. -- Type:: 
@@ -1659,42 +1668,42 @@ Type:: | `ca` | `object` -| Certificate authority used when verifying server certificates. +| ca defines the Certificate authority used when verifying server certificates. | `cert` | `object` -| Client certificate to present when doing client-authentication. +| cert defines the Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` -| Disable target certificate validation. +| insecureSkipVerify defines how to disable target certificate validation. | `keySecret` | `object` -| Secret containing the client key file for the targets. +| keySecret defines the Secret containing the client key file for the targets. | `maxVersion` | `string` -| Maximum acceptable TLS version. +| maxVersion defines the maximum acceptable TLS version. It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. | `minVersion` | `string` -| Minimum acceptable TLS version. +| minVersion defines the minimum acceptable TLS version. It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. | `serverName` | `string` -| Used to verify the hostname for the targets. +| serverName is used to verify the hostname for the targets. |=== === .spec.tlsConfig.ca Description:: + -- -Certificate authority used when verifying server certificates. +ca defines the Certificate authority used when verifying server certificates. -- Type:: @@ -1709,18 +1718,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.tlsConfig.ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: 
@@ -1756,7 +1765,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -1792,7 +1801,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Client certificate to present when doing client-authentication. +cert defines the Client certificate to present when doing client-authentication. -- Type:: @@ -1807,18 +1816,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.tlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -1854,7 +1863,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -1890,7 +1899,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the client key file for the targets. +keySecret defines the Secret containing the client key file for the targets. -- Type:: 
@@ -1921,6 +1930,160 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam | `boolean` | Specify whether the Secret or its key must be defined +|=== +=== .status +Description:: ++ +-- +status defines the status subresource. It is under active development and is updated only when the +"StatusForConfigurationResources" feature gate is enabled. + +Most recent observed status of the Probe. Read-only. +More info: +https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `bindings` +| `array` +| bindings defines the list of workload resources (Prometheus, PrometheusAgent, ThanosRuler or Alertmanager) which select the configuration resource. + +| `bindings[]` +| `object` +| WorkloadBinding is a link between a configuration resource and a workload resource. + +|=== +=== .status.bindings +Description:: ++ +-- +bindings defines the list of workload resources (Prometheus, PrometheusAgent, ThanosRuler or Alertmanager) which select the configuration resource. +-- + +Type:: + `array` + + + + +=== .status.bindings[] +Description:: ++ +-- +WorkloadBinding is a link between a configuration resource and a workload resource. +-- + +Type:: + `object` + +Required:: + - `group` + - `name` + - `namespace` + - `resource` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `conditions` +| `array` +| conditions defines the current state of the configuration resource when bound to the referenced Workload object. + +| `conditions[]` +| `object` +| ConfigResourceCondition describes the status of configuration resources linked to Prometheus, PrometheusAgent, Alertmanager or ThanosRuler. + +| `group` +| `string` +| group defines the group of the referenced resource. + +| `name` +| `string` +| name defines the name of the referenced object. 
+ +| `namespace` +| `string` +| namespace defines the namespace of the referenced object. + +| `resource` +| `string` +| resource defines the type of resource being referenced (e.g. Prometheus, PrometheusAgent, ThanosRuler or Alertmanager). + +|=== +=== .status.bindings[].conditions +Description:: ++ +-- +conditions defines the current state of the configuration resource when bound to the referenced Workload object. +-- + +Type:: + `array` + + + + +=== .status.bindings[].conditions[] +Description:: ++ +-- +ConfigResourceCondition describes the status of configuration resources linked to Prometheus, PrometheusAgent, Alertmanager or ThanosRuler. +-- + +Type:: + `object` + +Required:: + - `lastTransitionTime` + - `status` + - `type` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `lastTransitionTime` +| `string` +| lastTransitionTime defines the time of the last update to the current status property. + +| `message` +| `string` +| message defines the human-readable message indicating details for the condition's last transition. + +| `observedGeneration` +| `integer` +| observedGeneration defines the .metadata.generation that the +condition was set based upon. For instance, if `.metadata.generation` is +currently 12, but the `.status.conditions[].observedGeneration` is 9, the +condition is out of date with respect to the current state of the object. + +| `reason` +| `string` +| reason for the condition's last transition. + +| `status` +| `string` +| status of the condition. + +| `type` +| `string` +| type of the condition being reported. +Currently, only "Accepted" is supported. + |=== == API endpoints 
@@ -1938,6 +2101,10 @@ The following API endpoints are available: - `GET`: read the specified Probe - `PATCH`: partially update the specified Probe - `PUT`: replace the specified Probe +* `/apis/monitoring.coreos.com/v1/namespaces/{namespace}/probes/{name}/status` +- `GET`: read status of the specified Probe +- `PATCH`: partially update status of the specified Probe +- `PUT`: replace status of the specified Probe === /apis/monitoring.coreos.com/v1/probes @@ -2029,7 +2196,7 @@ Description:: | Parameter | Type | Description | `body` | xref:../monitoring_apis/probe-monitoring-coreos-com-v1.adoc#probe-monitoring-coreos-com-v1[`Probe`] schema -| +| |=== .HTTP responses 
@@ -2162,7 +2329,109 @@ Description:: | Parameter | Type | Description | `body` | xref:../monitoring_apis/probe-monitoring-coreos-com-v1.adoc#probe-monitoring-coreos-com-v1[`Probe`] schema -| +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../monitoring_apis/probe-monitoring-coreos-com-v1.adoc#probe-monitoring-coreos-com-v1[`Probe`] schema +| 201 - Created +| xref:../monitoring_apis/probe-monitoring-coreos-com-v1.adoc#probe-monitoring-coreos-com-v1[`Probe`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/monitoring.coreos.com/v1/namespaces/{namespace}/probes/{name}/status + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the Probe +|=== + + +HTTP method:: + `GET` + +Description:: + read status of the specified Probe + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../monitoring_apis/probe-monitoring-coreos-com-v1.adoc#probe-monitoring-coreos-com-v1[`Probe`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update status of the specified Probe + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. 
- Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../monitoring_apis/probe-monitoring-coreos-com-v1.adoc#probe-monitoring-coreos-com-v1[`Probe`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace status of the specified Probe + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. 
This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../monitoring_apis/probe-monitoring-coreos-com-v1.adoc#probe-monitoring-coreos-com-v1[`Probe`] schema +| |=== .HTTP responses diff --git a/rest_api/monitoring_apis/prometheus-monitoring-coreos-com-v1.adoc b/rest_api/monitoring_apis/prometheus-monitoring-coreos-com-v1.adoc index a0a6215ebf..2e0e02e4c6 100644 --- a/rest_api/monitoring_apis/prometheus-monitoring-coreos-com-v1.adoc +++ b/rest_api/monitoring_apis/prometheus-monitoring-coreos-com-v1.adoc @@ -47,12 +47,12 @@ Required:: | `spec` | `object` -| Specification of the desired behavior of the Prometheus cluster. More info: +| spec defines the specification of the desired behavior of the Prometheus cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | `status` | `object` -| Most recent observed status of the Prometheus cluster. Read-only. +| status defines the most recent observed status of the Prometheus cluster. Read-only. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status @@ -61,7 +61,7 @@ https://github.com/kubernetes/community/blob/master/contributors/devel/sig-archi Description:: + -- -Specification of the desired behavior of the Prometheus cluster. More info: +spec defines the specification of the desired behavior of the Prometheus cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status -- 
@@ -77,7 +77,7 @@ Type:: | `additionalAlertManagerConfigs` | `object` -| AdditionalAlertManagerConfigs specifies a key of a Secret containing +| additionalAlertManagerConfigs defines a key of a Secret containing additional Prometheus Alertmanager configurations. The Alertmanager configurations are appended to the configuration generated by the Prometheus Operator. They must be formatted according to the official @@ -94,7 +94,7 @@ Prometheus after the upgrade. | `additionalAlertRelabelConfigs` | `object` -| AdditionalAlertRelabelConfigs specifies a key of a Secret containing +| additionalAlertRelabelConfigs defines a key of a Secret containing additional Prometheus alert relabel configurations. The alert relabel configurations are appended to the configuration generated by the Prometheus Operator. They must be formatted according to the official @@ -111,7 +111,7 @@ Prometheus after the upgrade. | `additionalArgs` | `array` -| AdditionalArgs allows setting additional arguments for the 'prometheus' container. +| additionalArgs allows setting additional arguments for the 'prometheus' container. It is intended for e.g. activating hidden flags which are not supported by the dedicated configuration options yet. The arguments are passed as-is to the @@ -128,7 +128,7 @@ fail and an error will be logged. | `additionalScrapeConfigs` | `object` -| AdditionalScrapeConfigs allows specifying a key of a Secret containing +| additionalScrapeConfigs allows specifying a key of a Secret containing additional Prometheus scrape configurations. Scrape configurations specified are appended to the configurations generated by the Prometheus Operator. Job configurations specified must have the form as specified 
@@ -142,22 +142,22 @@ Prometheus after the upgrade. | `affinity` | `object` -| Defines the Pods' affinity scheduling rules if specified. +| affinity defines the Pods' affinity scheduling rules if specified. | `alerting` | `object` -| Defines the settings related to Alertmanager. +| alerting defines the settings related to Alertmanager. | `allowOverlappingBlocks` | `boolean` -| AllowOverlappingBlocks enables vertical compaction and vertical query +| allowOverlappingBlocks enables vertical compaction and vertical query merge in Prometheus. Deprecated: this flag has no effect for Prometheus >= 2.39.0 where overlapping blocks are enabled by default. | `apiserverConfig` | `object` -| APIServerConfig allows specifying a host and auth methods to access the +| apiserverConfig allows specifying a host and auth methods to access the Kuberntees API server. If null, Prometheus is assumed to run inside of the cluster: it will discover the API servers automatically and use the Pod's CA certificate @@ -165,7 +165,7 @@ and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. | `arbitraryFSAccessThroughSMs` | `object` -| When true, ServiceMonitor, PodMonitor and Probe object are forbidden to +| arbitraryFSAccessThroughSMs when true, ServiceMonitor, PodMonitor and Probe object are forbidden to reference arbitrary files on the file system of the 'prometheus' container. When a ServiceMonitor's endpoint specifies a `bearerTokenFile` value 
@@ -178,7 +178,7 @@ Users should instead provide the credentials using the | `automountServiceAccountToken` | `boolean` -| AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod. +| automountServiceAccountToken defines whether a service account token should be automatically mounted in the pod. If the field isn't set, the operator mounts the service account token by default. **Warning:** be aware that by default, Prometheus requires the service account token for Kubernetes service discovery. @@ -186,11 +186,11 @@ It is possible to use strategic merge patch to project the service account token | `baseImage` | `string` -| Deprecated: use 'spec.image' instead. +| baseImage is deprecated: use 'spec.image' instead. | `bodySizeLimit` | `string` -| BodySizeLimit defines per-scrape on response body size. +| bodySizeLimit defines per-scrape on response body size. Only valid in Prometheus versions 2.45.0 and newer. Note that the global limit only applies to scrape objects that don't specify an explicit limit value. @@ -198,14 +198,14 @@ If you want to enforce a maximum limit for all scrape objects, refer to enforced | `configMaps` | `array (string)` -| ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus +| configMaps defines a list of ConfigMaps in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. Each ConfigMap is added to the StatefulSet definition as a volume named `configmap-`. The ConfigMaps are mounted into /etc/prometheus/configmaps/ in the 'prometheus' container. | `containers` | `array` -| Containers allows injecting additional containers or modifying operator +| containers allows injecting additional containers or modifying operator generated containers. This can be used to allow adding an authentication proxy to the Pods or to change the behavior of an operator generated container. Containers described here modify an operator generated 
@@ -227,28 +227,28 @@ may break at any time without notice. | `convertClassicHistogramsToNHCB` | `boolean` -| Whether to convert all scraped classic histograms into a native +| convertClassicHistogramsToNHCB defines whether to convert all scraped classic histograms into a native histogram with custom buckets. It requires Prometheus >= v3.4.0. | `disableCompaction` | `boolean` -| When true, the Prometheus compaction is disabled. +| disableCompaction when true, the Prometheus compaction is disabled. When `spec.thanos.objectStorageConfig` or `spec.objectStorageConfigFile` are defined, the operator automatically disables block compaction to avoid race conditions during block uploads (as the Thanos documentation recommends). | `dnsConfig` | `object` -| Defines the DNS configuration for the pods. +| dnsConfig defines the DNS configuration for the pods. | `dnsPolicy` | `string` -| Defines the DNS policy for the pods. +| dnsPolicy defines the DNS policy for the pods. | `enableAdminAPI` | `boolean` -| Enables access to the Prometheus web admin API. +| enableAdminAPI defines access to the Prometheus web admin API. WARNING: Enabling the admin APIs enables mutating endpoints, to delete data, shutdown Prometheus, and more. Enabling this should be done with care and the @@ -260,7 +260,7 @@ https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis | `enableFeatures` | `array (string)` -| Enable access to Prometheus feature flags. By default, no features are enabled. +| enableFeatures enables access to Prometheus feature flags. By default, no features are enabled. Enabling features which are disabled by default is entirely outside the scope of what the maintainers will support and by doing so, you accept 
@@ -270,7 +270,7 @@ For more information see https://prometheus.io/docs/prometheus/latest/feature_fl | `enableOTLPReceiver` | `boolean` -| Enable Prometheus to be used as a receiver for the OTLP Metrics protocol. +| enableOTLPReceiver defines the Prometheus to be used as a receiver for the OTLP Metrics protocol. Note that the OTLP receiver endpoint is automatically enabled if `.spec.otlpConfig` is defined. @@ -278,7 +278,7 @@ It requires Prometheus >= v2.47.0. | `enableRemoteWriteReceiver` | `boolean` -| Enable Prometheus to be used as a receiver for the Prometheus remote +| enableRemoteWriteReceiver defines the Prometheus to be used as a receiver for the Prometheus remote write protocol. WARNING: This is not considered an efficient way of ingesting samples. @@ -291,11 +291,11 @@ It requires Prometheus >= v2.33.0. | `enableServiceLinks` | `boolean` -| Indicates whether information about services should be injected into pod's environment variables +| enableServiceLinks defines whether information about services should be injected into pod's environment variables | `enforcedBodySizeLimit` | `string` -| When defined, enforcedBodySizeLimit specifies a global limit on the size +| enforcedBodySizeLimit when defined specifies a global limit on the size of uncompressed response body that will be accepted by Prometheus. Targets responding with a body larger than this many bytes will cause the scrape to fail. @@ -310,7 +310,7 @@ When both `enforcedBodySizeLimit` and `bodySizeLimit` are defined and greater th | `enforcedKeepDroppedTargets` | `integer` -| When defined, enforcedKeepDroppedTargets specifies a global limit on the number of targets +| enforcedKeepDroppedTargets when defined specifies a global limit on the number of targets dropped by relabeling that will be kept in memory. The value overrides any `spec.keepDroppedTargets` set by ServiceMonitor, PodMonitor, Probe objects unless `spec.keepDroppedTargets` is 
@@ -326,7 +326,7 @@ When both `enforcedKeepDroppedTargets` and `keepDroppedTargets` are defined and | `enforcedLabelLimit` | `integer` -| When defined, enforcedLabelLimit specifies a global limit on the number +| enforcedLabelLimit when defined specifies a global limit on the number of labels per sample. The value overrides any `spec.labelLimit` set by ServiceMonitor, PodMonitor, Probe objects unless `spec.labelLimit` is greater than zero and less than `spec.enforcedLabelLimit`. @@ -341,7 +341,7 @@ When both `enforcedLabelLimit` and `labelLimit` are defined and greater than zer | `enforcedLabelNameLengthLimit` | `integer` -| When defined, enforcedLabelNameLengthLimit specifies a global limit on the length +| enforcedLabelNameLengthLimit when defined specifies a global limit on the length of labels name per sample. The value overrides any `spec.labelNameLengthLimit` set by ServiceMonitor, PodMonitor, Probe objects unless `spec.labelNameLengthLimit` is greater than zero and less than `spec.enforcedLabelNameLengthLimit`. @@ -356,7 +356,7 @@ When both `enforcedLabelNameLengthLimit` and `labelNameLengthLimit` are defined | `enforcedLabelValueLengthLimit` | `integer` -| When not null, enforcedLabelValueLengthLimit defines a global limit on the length +| enforcedLabelValueLengthLimit when not null defines a global limit on the length of labels value per sample. The value overrides any `spec.labelValueLengthLimit` set by ServiceMonitor, PodMonitor, Probe objects unless `spec.labelValueLengthLimit` is greater than zero and less than `spec.enforcedLabelValueLengthLimit`. 
@@ -371,7 +371,7 @@ When both `enforcedLabelValueLengthLimit` and `labelValueLengthLimit` are define | `enforcedNamespaceLabel` | `string` -| When not empty, a label will be added to: +| enforcedNamespaceLabel when not empty, a label will be added to: 1. All metrics scraped from `ServiceMonitor`, `PodMonitor`, `Probe` and `ScrapeConfig` objects. 2. All metrics generated from recording rules defined in `PrometheusRule` objects. @@ -386,7 +386,7 @@ The label's value is the namespace of the `ServiceMonitor`, | `enforcedSampleLimit` | `integer` -| When defined, enforcedSampleLimit specifies a global limit on the number +| enforcedSampleLimit when defined specifies a global limit on the number of scraped samples that will be accepted. This overrides any `spec.sampleLimit` set by ServiceMonitor, PodMonitor, Probe objects unless `spec.sampleLimit` is greater than zero and less than @@ -403,7 +403,7 @@ When both `enforcedSampleLimit` and `sampleLimit` are defined and greater than z | `enforcedTargetLimit` | `integer` -| When defined, enforcedTargetLimit specifies a global limit on the number +| enforcedTargetLimit when defined specifies a global limit on the number of scraped targets. The value overrides any `spec.targetLimit` set by ServiceMonitor, PodMonitor, Probe objects unless `spec.targetLimit` is greater than zero and less than `spec.enforcedTargetLimit`. 
@@ -419,12 +419,12 @@ When both `enforcedTargetLimit` and `targetLimit` are defined and greater than z | `evaluationInterval` | `string` -| Interval between rule evaluations. +| evaluationInterval defines the interval between rule evaluations. Default: "30s" | `excludedFromEnforcement` | `array` -| List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects +| excludedFromEnforcement defines the list of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects to be excluded from enforcing a namespace label of origin. It is only applicable if `spec.enforcedNamespaceLabel` set to true. @@ -435,25 +435,25 @@ It is only applicable if `spec.enforcedNamespaceLabel` set to true. | `exemplars` | `object` -| Exemplars related settings that are runtime reloadable. +| exemplars related settings that are runtime reloadable. It requires to enable the `exemplar-storage` feature flag to be effective. | `externalLabels` | `object (string)` -| The labels to add to any time series or alerts when communicating with +| externalLabels defines the labels to add to any time series or alerts when communicating with external systems (federation, remote storage, Alertmanager). Labels defined by `spec.replicaExternalLabelName` and `spec.prometheusExternalLabelName` take precedence over this list. | `externalUrl` | `string` -| The external URL under which the Prometheus service is externally +| externalUrl defines the external URL under which the Prometheus service is externally available. This is necessary to generate correct URLs (for instance if Prometheus is accessible behind an Ingress resource). | `hostAliases` | `array` -| Optional list of hosts and IPs that will be injected into the Pod's +| hostAliases defines the optional list of hosts and IPs that will be injected into the Pod's hosts file if specified. | `hostAliases[]` 
@@ -463,7 +463,7 @@ pod's hosts file. | `hostNetwork` | `boolean` -| Use the host's network namespace if true. +| hostNetwork defines the host's network namespace if true. Make sure to understand the security implications if you want to enable it (https://kubernetes.io/docs/concepts/configuration/overview/ ). @@ -474,7 +474,7 @@ to a different value). | `hostUsers` | `boolean` -| HostUsers supports the user space in Kubernetes. +| hostUsers supports the user space in Kubernetes. More info: https://kubernetes.io/docs/tasks/configure-pod-container/user-namespaces/ @@ -483,14 +483,14 @@ Starting Kubernetes 1.33, the feature is enabled by default. | `ignoreNamespaceSelectors` | `boolean` -| When true, `spec.namespaceSelector` from all PodMonitor, ServiceMonitor +| ignoreNamespaceSelectors when true, `spec.namespaceSelector` from all PodMonitor, ServiceMonitor and Probe objects will be ignored. They will only discover targets within the namespace of the PodMonitor, ServiceMonitor and Probe object. | `image` | `string` -| Container image name for Prometheus. If specified, it takes precedence +| image defines the container image name for Prometheus. If specified, it takes precedence over the `spec.baseImage`, `spec.tag` and `spec.sha` fields. Specifying `spec.version` is still necessary to ensure the Prometheus 
@@ -502,12 +502,12 @@ when the operator was released. | `imagePullPolicy` | `string` -| Image pull policy for the 'prometheus', 'init-config-reloader' and 'config-reloader' containers. +| imagePullPolicy defines the image pull policy for the 'prometheus', 'init-config-reloader' and 'config-reloader' containers. See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details. | `imagePullSecrets` | `array` -| An optional list of references to Secrets in the same namespace +| imagePullSecrets defines an optional list of references to Secrets in the same namespace to use for pulling images from registries. See http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod @@ -518,7 +518,7 @@ referenced object inside the same namespace. | `initContainers` | `array` -| InitContainers allows injecting initContainers to the Pod definition. Those +| initContainers allows injecting initContainers to the Pod definition. Those can be used to e.g. fetch secrets for injection into the Prometheus configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: @@ -540,7 +540,7 @@ may break at any time without notice. | `keepDroppedTargets` | `integer` -| Per-scrape limit on the number of targets dropped by relabeling +| keepDroppedTargets defines the per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit. It requires Prometheus >= v2.47.0. @@ -550,7 +550,7 @@ If you want to enforce a maximum limit for all scrape objects, refer to enforced | `labelLimit` | `integer` -| Per-scrape limit on number of labels that will be accepted for a sample. +| labelLimit defines per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer. Note that the global limit only applies to scrape objects that don't specify an explicit limit value. 
@@ -558,7 +558,7 @@ If you want to enforce a maximum limit for all scrape objects, refer to enforced | `labelNameLengthLimit` | `integer` -| Per-scrape limit on length of labels name that will be accepted for a sample. +| labelNameLengthLimit defines the per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer. Note that the global limit only applies to scrape objects that don't specify an explicit limit value. @@ -566,7 +566,7 @@ If you want to enforce a maximum limit for all scrape objects, refer to enforced | `labelValueLengthLimit` | `integer` -| Per-scrape limit on length of labels value that will be accepted for a sample. +| labelValueLengthLimit defines the per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer. Note that the global limit only applies to scrape objects that don't specify an explicit limit value. 
@@ -574,32 +574,32 @@ If you want to enforce a maximum limit for all scrape objects, refer to enforced | `listenLocal` | `boolean` -| When true, the Prometheus server listens on the loopback address +| listenLocal when true, the Prometheus server listens on the loopback address instead of the Pod IP's address. | `logFormat` | `string` -| Log format for Log level for Prometheus and the config-reloader sidecar. +| logFormat for Log level for Prometheus and the config-reloader sidecar. | `logLevel` | `string` -| Log level for Prometheus and the config-reloader sidecar. +| logLevel for Prometheus and the config-reloader sidecar. | `maximumStartupDurationSeconds` | `integer` -| Defines the maximum time that the `prometheus` container's startup probe will wait before being considered failed. The startup probe will return success after the WAL replay is complete. -If set, the value should be greater than 60 (seconds). Otherwise it will be equal to 600 seconds (15 minutes). +| maximumStartupDurationSeconds defines the maximum time that the `prometheus` container's startup probe will wait before being considered failed. The startup probe will return success after the WAL replay is complete. +If set, the value should be greater than 60 (seconds). Otherwise it will be equal to 900 seconds (15 minutes). | `minReadySeconds` | `integer` -| Minimum number of seconds for which a newly created Pod should be ready +| minReadySeconds defines the minimum number of seconds for which a newly created Pod should be ready without any of its container crashing for it to be considered available. If unset, pods will be considered available as soon as they are ready. | `nameEscapingScheme` | `string` -| Specifies the character escaping scheme that will be requested when scraping +| nameEscapingScheme defines the character escaping scheme that will be requested when scraping for metric and label names that do not conform to the legacy Prometheus character set. 
@@ -607,48 +607,48 @@ It requires Prometheus >= v3.4.0. | `nameValidationScheme` | `string` -| Specifies the validation scheme for metric and label names. +| nameValidationScheme defines the validation scheme for metric and label names. It requires Prometheus >= v2.55.0. | `nodeSelector` | `object (string)` -| Defines on which Nodes the Pods are scheduled. +| nodeSelector defines on which Nodes the Pods are scheduled. | `otlp` | `object` -| Settings related to the OTLP receiver feature. +| otlp defines the settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. | `overrideHonorLabels` | `boolean` -| When true, Prometheus resolves label conflicts by renaming the labels in the scraped data +| overrideHonorLabels when true, Prometheus resolves label conflicts by renaming the labels in the scraped data to “exported_” for all targets created from ServiceMonitor, PodMonitor and ScrapeConfig objects. Otherwise the HonorLabels field of the service or pod monitor applies. -In practice,`overrideHonorLaels:true` enforces `honorLabels:false` +In practice,`OverrideHonorLabels:true` enforces `honorLabels:false` for all ServiceMonitor, PodMonitor and ScrapeConfig objects. | `overrideHonorTimestamps` | `boolean` -| When true, Prometheus ignores the timestamps for all the targets created +| overrideHonorTimestamps when true, Prometheus ignores the timestamps for all the targets created from service and pod monitors. Otherwise the HonorTimestamps field of the service or pod monitor applies. | `paused` | `boolean` -| When a Prometheus deployment is paused, no actions except for deletion +| paused defines when a Prometheus deployment is paused, no actions except for deletion will be performed on the underlying objects. | `persistentVolumeClaimRetentionPolicy` | `object` -| The field controls if and how PVCs are deleted during the lifecycle of a StatefulSet. 
+| persistentVolumeClaimRetentionPolicy defines the field controls if and how PVCs are deleted during the lifecycle of a StatefulSet. The default behavior is all PVCs are retained. This is an alpha field from kubernetes 1.23 until 1.26 and a beta field from 1.26. It requires enabling the StatefulSetAutoDeletePVC feature gate. | `podMetadata` | `object` -| PodMetadata configures labels and annotations which are propagated to the Prometheus pods. +| podMetadata defines labels and annotations which are propagated to the Prometheus pods. The following items are reserved and cannot be overridden: * "prometheus" label, set to the name of the Prometheus object. @@ -662,13 +662,13 @@ The following items are reserved and cannot be overridden: | `podMonitorNamespaceSelector` | `object` -| Namespaces to match for PodMonitors discovery. An empty label selector +| podMonitorNamespaceSelector defines the namespaces to match for PodMonitors discovery. An empty label selector matches all namespaces. A null label selector (default value) matches the current namespace only. | `podMonitorSelector` | `object` -| PodMonitors to be selected for target discovery. An empty label selector +| podMonitorSelector defines the podMonitors to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` 
@@ -682,27 +682,27 @@ of the custom resource definition. It is recommended to use | `podTargetLabels` | `array (string)` -| PodTargetLabels are appended to the `spec.podTargetLabels` field of all +| podTargetLabels are appended to the `spec.podTargetLabels` field of all PodMonitor and ServiceMonitor objects. | `portName` | `string` -| Port name used for the pods and governing service. +| portName used for the pods and governing service. Default: "web" | `priorityClassName` | `string` -| Priority class assigned to the Pods. +| priorityClassName assigned to the Pods. | `probeNamespaceSelector` | `object` -| Namespaces to match for Probe discovery. An empty label +| probeNamespaceSelector defines the namespaces to match for Probe discovery. An empty label selector matches all namespaces. A null label selector matches the current namespace only. | `probeSelector` | `object` -| Probes to be selected for target discovery. An empty label selector +| probeSelector defines the probes to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` @@ -716,7 +716,7 @@ of the custom resource definition. It is recommended to use | `prometheusExternalLabelName` | `string` -| Name of Prometheus external label used to denote the Prometheus instance +| prometheusExternalLabelName defines the name of Prometheus external label used to denote the Prometheus instance name. The external label will _not_ be added when the field is set to the empty string (`""`). 
@@ -724,7 +724,7 @@ Default: "prometheus" | `prometheusRulesExcludedFromEnforce` | `array` -| Defines the list of PrometheusRule objects to which the namespace label +| prometheusRulesExcludedFromEnforce defines the list of PrometheusRule objects to which the namespace label enforcement doesn't apply. This is only relevant when `spec.enforcedNamespaceLabel` is set to true. Deprecated: use `spec.excludedFromEnforcement` instead. @@ -737,7 +737,7 @@ namespace label for alerts and metrics. | `query` | `object` -| QuerySpec defines the configuration of the Promethus query service. +| query defines the configuration of the Prometheus query service. | `queryLogFile` | `string` @@ -755,12 +755,12 @@ stream. | `reloadStrategy` | `string` -| Defines the strategy used to reload the Prometheus configuration. +| reloadStrategy defines the strategy used to reload the Prometheus configuration. If not specified, the configuration is reloaded using the /-/reload HTTP endpoint. | `remoteRead` | `array` -| Defines the list of remote read configurations. +| remoteRead defines the list of remote read configurations. | `remoteRead[]` | `object` @@ -769,7 +769,7 @@ from a remote endpoint. | `remoteWrite` | `array` -| Defines the list of remote write configurations. +| remoteWrite defines the list of remote write configurations. | `remoteWrite[]` | `object` @@ -778,14 +778,14 @@ to a remote endpoint. | `remoteWriteReceiverMessageVersions` | `array (string)` -| List of the protobuf message versions to accept when receiving the +| remoteWriteReceiverMessageVersions list of the protobuf message versions to accept when receiving the remote writes. It requires Prometheus >= v2.54.0. | `replicaExternalLabelName` | `string` -| Name of Prometheus external label used to denote the replica name. +| replicaExternalLabelName defines the name of Prometheus external label used to denote the replica name. The external label will _not_ be added when the field is set to the empty string (`""`). 
@@ -793,7 +793,7 @@ Default: "prometheus_replica" | `replicas` | `integer` -| Number of replicas of each shard to deploy for a Prometheus deployment. +| replicas defines the number of replicas of each shard to deploy for a Prometheus deployment. `spec.replicas` multiplied by `spec.shards` is the total number of Pods created. @@ -801,21 +801,21 @@ Default: 1 | `resources` | `object` -| Defines the resources requests and limits of the 'prometheus' container. +| resources defines the resources requests and limits of the 'prometheus' container. | `retention` | `string` -| How long to retain the Prometheus data. +| retention defines how long to retain the Prometheus data. Default: "24h" if `spec.retention` and `spec.retentionSize` are empty. | `retentionSize` | `string` -| Maximum number of bytes used by the Prometheus data. +| retentionSize defines the maximum number of bytes used by the Prometheus data. | `routePrefix` | `string` -| The route prefix Prometheus registers HTTP handlers for. +| routePrefix defines the route prefix Prometheus registers HTTP handlers for. This is useful when using `spec.externalURL`, and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but 
@@ -824,32 +824,32 @@ for use with `kubectl proxy`. | `ruleNamespaceSelector` | `object` -| Namespaces to match for PrometheusRule discovery. An empty label selector +| ruleNamespaceSelector defines the namespaces to match for PrometheusRule discovery. An empty label selector matches all namespaces. A null label selector matches the current namespace only. | `ruleQueryOffset` | `string` -| Defines the offset the rule evaluation timestamp of this particular group by the specified duration into the past. +| ruleQueryOffset defines the offset the rule evaluation timestamp of this particular group by the specified duration into the past. It requires Prometheus >= v2.53.0. | `ruleSelector` | `object` -| PrometheusRule objects to be selected for rule evaluation. An empty +| ruleSelector defines the prometheusRule objects to be selected for rule evaluation. An empty label selector matches all objects. A null label selector matches no objects. | `rules` | `object` -| Defines the configuration of the Prometheus rules' engine. +| rules defines the configuration of the Prometheus rules' engine. | `runtime` | `object` -| RuntimeConfig configures the values for the Prometheus process behavior +| runtime defines the values for the Prometheus process behavior | `sampleLimit` | `integer` -| SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. +| sampleLimit defines per-scrape limit on number of scraped samples that will be accepted. Only valid in Prometheus versions 2.45.0 and newer. Note that the global limit only applies to scrape objects that don't specify an explicit limit value. 
@@ -857,7 +857,7 @@ If you want to enforce a maximum limit for all scrape objects, refer to enforced | `scrapeClasses` | `array` -| List of scrape classes to expose to scraping objects such as +| scrapeClasses defines the list of scrape classes to expose to scraping objects such as PodMonitors, ServiceMonitors, Probes and ScrapeConfigs. This is an *experimental feature*, it may change in any upcoming release @@ -865,11 +865,11 @@ in a breaking way. | `scrapeClasses[]` | `object` -| +| | `scrapeClassicHistograms` | `boolean` -| Whether to scrape a classic histogram that is also exposed as a native histogram. +| scrapeClassicHistograms defines whether to scrape a classic histogram that is also exposed as a native histogram. Notice: `scrapeClassicHistograms` corresponds to the `always_scrape_classic_histograms` field in the Prometheus configuration. @@ -877,7 +877,7 @@ It requires Prometheus >= v3.5.0. | `scrapeConfigNamespaceSelector` | `object` -| Namespaces to match for ScrapeConfig discovery. An empty label selector +| scrapeConfigNamespaceSelector defines the namespaces to match for ScrapeConfig discovery. An empty label selector matches all namespaces. A null label selector matches the current namespace only. @@ -885,7 +885,7 @@ Note that the ScrapeConfig custom resource definition is currently at Alpha leve | `scrapeConfigSelector` | `object` -| ScrapeConfigs to be selected for target discovery. An empty label +| scrapeConfigSelector defines the scrapeConfigs to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` 
@@ -901,7 +901,7 @@ Note that the ScrapeConfig custom resource definition is currently at Alpha leve | `scrapeFailureLogFile` | `string` -| File to which scrape failures are logged. +| scrapeFailureLogFile defines the file to which scrape failures are logged. Reloading the configuration will reopen the file. If the filename has an empty path, e.g. 'file.log', The Prometheus Pods @@ -912,13 +912,13 @@ It requires Prometheus >= v2.55.0. | `scrapeInterval` | `string` -| Interval between consecutive scrapes. +| scrapeInterval defines interval between consecutive scrapes. Default: "30s" | `scrapeProtocols` | `array (string)` -| The protocols to negotiate during a scrape. It tells clients the +| scrapeProtocols defines the protocols to negotiate during a scrape. It tells clients the protocols supported by Prometheus in order of preference (from most to least preferred). If unset, Prometheus uses its default value. 
@@ -929,29 +929,29 @@ It requires Prometheus >= v2.49.0. | `scrapeTimeout` | `string` -| Number of seconds to wait until a scrape request times out. +| scrapeTimeout defines the number of seconds to wait until a scrape request times out. The value cannot be greater than the scrape interval otherwise the operator will reject the resource. | `secrets` | `array (string)` -| Secrets is a list of Secrets in the same namespace as the Prometheus +| secrets defines a list of Secrets in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. Each Secret is added to the StatefulSet definition as a volume named `secret-`. The Secrets are mounted into /etc/prometheus/secrets/ in the 'prometheus' container. | `securityContext` | `object` -| SecurityContext holds pod-level security attributes and common container settings. +| securityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. | `serviceAccountName` | `string` -| ServiceAccountName is the name of the ServiceAccount to use to run the +| serviceAccountName is the name of the ServiceAccount to use to run the Prometheus Pods. | `serviceDiscoveryRole` | `string` -| Defines the service discovery role used to discover targets from +| serviceDiscoveryRole defines the service discovery role used to discover targets from `ServiceMonitor` objects and Alertmanager endpoints. If set, the value should be either "Endpoints" or "EndpointSlice". 
@@ -959,13 +959,13 @@ If unset, the operator assumes the "Endpoints" role. | `serviceMonitorNamespaceSelector` | `object` -| Namespaces to match for ServicedMonitors discovery. An empty label selector +| serviceMonitorNamespaceSelector defines the namespaces to match for ServicedMonitors discovery. An empty label selector matches all namespaces. A null label selector (default value) matches the current namespace only. | `serviceMonitorSelector` | `object` -| ServiceMonitors to be selected for target discovery. An empty label +| serviceMonitorSelector defines the serviceMonitors to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` @@ -979,7 +979,7 @@ of the custom resource definition. It is recommended to use | `serviceName` | `string` -| The name of the service name used by the underlying StatefulSet(s) as the governing service. +| serviceName defines the name of the service name used by the underlying StatefulSet(s) as the governing service. If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, or `prometheus-agent-operated` for PrometheusAgent resources. 
@@ -988,11 +988,11 @@ See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stabl | `sha` | `string` -| Deprecated: use 'spec.image' instead. The image's digest can be specified as part of the image name. +| sha is deprecated: use 'spec.image' instead. The image's digest can be specified as part of the image name. | `shardRetentionPolicy` | `object` -| ShardRetentionPolicy defines the retention policy for the Prometheus shards. +| shardRetentionPolicy defines the retention policy for the Prometheus shards. (Alpha) Using this field requires the 'PrometheusShardRetentionPolicy' feature gate to be enabled. The final goals for this feature can be seen at https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/proposals/202310-shard-autoscaling.md#graceful-scale-down-of-prometheus-servers, @@ -1001,7 +1001,7 @@ however, the feature is not yet fully implemented in this PR. The limitation bei | `shards` | `integer` -| Number of shards to distribute the scraped targets onto. +| shards defines the number of shards to distribute the scraped targets onto. `spec.replicas` multiplied by `spec.shards` is the total number of Pods being created. @@ -1021,7 +1021,7 @@ ServiceMonitor and ScrapeConfig resources. * The `__param_target__` label for Probe resources. Users can define their own sharding implementation by setting the -`\__tmp_hash` label during the target discovery with relabeling +`__tmp_hash` label during the target discovery with relabeling configuration (either in the monitoring resources or via scrape class). You can also disable sharding on a specific target by setting the 
@@ -1030,15 +1030,15 @@ the label value isn't empty, all Prometheus shards will scrape the target. | `storage` | `object` -| Storage defines the storage used by Prometheus. +| storage defines the storage used by Prometheus. | `tag` | `string` -| Deprecated: use 'spec.image' instead. The image's tag can be specified as part of the image name. +| tag is deprecated: use 'spec.image' instead. The image's tag can be specified as part of the image name. | `targetLimit` | `integer` -| TargetLimit defines a limit on the number of scraped targets that will be accepted. +| targetLimit defines a limit on the number of scraped targets that will be accepted. Only valid in Prometheus versions 2.45.0 and newer. Note that the global limit only applies to scrape objects that don't specify an explicit limit value. @@ -1046,7 +1046,7 @@ If you want to enforce a maximum limit for all scrape objects, refer to enforced | `terminationGracePeriodSeconds` | `integer` -| Optional duration in seconds the pod needs to terminate gracefully. +| terminationGracePeriodSeconds defines the optional duration in seconds the pod needs to terminate gracefully. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down) which may lead to data corruption. @@ -1054,11 +1054,11 @@ Defaults to 600 seconds. | `thanos` | `object` -| Defines the configuration of the optional Thanos sidecar. +| thanos defines the configuration of the optional Thanos sidecar. | `tolerations` | `array` -| Defines the Pods' tolerations if specified. +| tolerations defines the Pods' tolerations if specified. | `tolerations[]` | `object` 
@@ -1067,27 +1067,27 @@ the triple using the matching operator . | `topologySpreadConstraints` | `array` -| Defines the pod's topology spread constraints if specified. +| topologySpreadConstraints defines the pod's topology spread constraints if specified. | `topologySpreadConstraints[]` | `object` -| +| | `tracingConfig` | `object` -| TracingConfig configures tracing in Prometheus. +| tracingConfig defines tracing in Prometheus. This is an *experimental feature*, it may change in any upcoming release in a breaking way. | `tsdb` | `object` -| Defines the runtime reloadable configuration of the timeseries database(TSDB). +| tsdb defines the runtime reloadable configuration of the timeseries database(TSDB). It requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0. | `version` | `string` -| Version of Prometheus being deployed. The operator uses this information +| version of Prometheus being deployed. The operator uses this information to generate the Prometheus StatefulSet + configuration files. If not specified, the operator assumes the latest upstream version of @@ -1096,7 +1096,7 @@ released. | `volumeMounts` | `array` -| VolumeMounts allows the configuration of additional VolumeMounts. +| volumeMounts allows the configuration of additional VolumeMounts. VolumeMounts will be appended to other VolumeMounts in the 'prometheus' container, that are generated as a result of StorageSpec objects. @@ -1107,7 +1107,7 @@ container, that are generated as a result of StorageSpec objects. | `volumes` | `array` -| Volumes allows the configuration of additional volumes on the output +| volumes allows the configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. 
@@ -1117,7 +1117,7 @@ volumes that are generated as a result of StorageSpec objects. | `walCompression` | `boolean` -| Configures compression of the write-ahead log (WAL) using Snappy. +| walCompression defines the compression of the write-ahead log (WAL) using Snappy. WAL compression is enabled by default for Prometheus >= 2.20.0 @@ -1125,14 +1125,14 @@ Requires Prometheus v2.11.0 and above. | `web` | `object` -| Defines the configuration of the Prometheus web server. +| web defines the configuration of the Prometheus web server. |=== === .spec.additionalAlertManagerConfigs Description:: + -- -AdditionalAlertManagerConfigs specifies a key of a Secret containing +additionalAlertManagerConfigs defines a key of a Secret containing additional Prometheus Alertmanager configurations. The Alertmanager configurations are appended to the configuration generated by the Prometheus Operator. They must be formatted according to the official @@ -1181,7 +1181,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -AdditionalAlertRelabelConfigs specifies a key of a Secret containing +additionalAlertRelabelConfigs defines a key of a Secret containing additional Prometheus alert relabel configurations. The alert relabel configurations are appended to the configuration generated by the Prometheus Operator. They must be formatted according to the official @@ -1230,7 +1230,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -AdditionalArgs allows setting additional arguments for the 'prometheus' container. +additionalArgs allows setting additional arguments for the 'prometheus' container. It is intended for e.g. activating hidden flags which are not supported by the dedicated configuration options yet. The arguments are passed as-is to the 
@@ -1269,18 +1269,18 @@ Required:: | `name` | `string` -| Name of the argument, e.g. "scrape.discovery-reload-interval". +| name of the argument, e.g. "scrape.discovery-reload-interval". | `value` | `string` -| Argument value, e.g. 30s. Can be empty for name-only arguments (e.g. --storage.tsdb.no-lockfile) +| value defines the argument value, e.g. 30s. Can be empty for name-only arguments (e.g. --storage.tsdb.no-lockfile) |=== === .spec.additionalScrapeConfigs Description:: + -- -AdditionalScrapeConfigs allows specifying a key of a Secret containing +additionalScrapeConfigs allows specifying a key of a Secret containing additional Prometheus scrape configurations. Scrape configurations specified are appended to the configurations generated by the Prometheus Operator. Job configurations specified must have the form as specified @@ -1326,7 +1326,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Defines the Pods' affinity scheduling rules if specified. +affinity defines the Pods' affinity scheduling rules if specified. -- Type:: @@ -2414,8 +2414,8 @@ a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), -compute a sum by iterating through the elements of this field and adding -"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the +compute a sum by iterating through the elements of this field and subtracting +"weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. | `preferredDuringSchedulingIgnoredDuringExecution[]` 
@@ -2452,8 +2452,8 @@ a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), -compute a sum by iterating through the elements of this field and adding -"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the +compute a sum by iterating through the elements of this field and subtracting +"weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. -- @@ -3007,7 +3007,7 @@ merge patch. Description:: + -- -Defines the settings related to Alertmanager. +alerting defines the settings related to Alertmanager. -- Type:: @@ -3024,7 +3024,7 @@ Required:: | `alertmanagers` | `array` -| Alertmanager endpoints where Prometheus should send alerts to. +| alertmanagers endpoints where Prometheus should send alerts to. | `alertmanagers[]` | `object` @@ -3036,7 +3036,7 @@ containing Alertmanager IPs to fire alerts against. Description:: + -- -Alertmanager endpoints where Prometheus should send alerts to. +alertmanagers endpoints where Prometheus should send alerts to. -- Type:: @@ -3068,7 +3068,7 @@ Required:: | `alertRelabelings` | `array` -| Relabeling configs applied before sending alerts to a specific Alertmanager. +| alertRelabelings defines the relabeling configs applied before sending alerts to a specific Alertmanager. It requires Prometheus >= v2.51.0. | `alertRelabelings[]` 
@@ -3080,25 +3080,25 @@ More info: https://prometheus.io/docs/prometheus/latest/configuration/configurat | `apiVersion` | `string` -| Version of the Alertmanager API that Prometheus uses to send alerts. +| apiVersion defines the version of the Alertmanager API that Prometheus uses to send alerts. It can be "V1" or "V2". The field has no effect for Prometheus >= v3.0.0 because only the v2 API is supported. | `authorization` | `object` -| Authorization section for Alertmanager. +| authorization section for Alertmanager. Cannot be set at the same time as `basicAuth`, `bearerTokenFile` or `sigv4`. | `basicAuth` | `object` -| BasicAuth configuration for Alertmanager. +| basicAuth configuration for Alertmanager. Cannot be set at the same time as `bearerTokenFile`, `authorization` or `sigv4`. | `bearerTokenFile` | `string` -| File to read bearer token for Alertmanager. +| bearerTokenFile defines the file to read bearer token for Alertmanager. Cannot be set at the same time as `basicAuth`, `authorization`, or `sigv4`. @@ -3106,22 +3106,22 @@ Deprecated: this will be removed in a future release. Prefer using `authorizatio | `enableHttp2` | `boolean` -| Whether to enable HTTP2. +| enableHttp2 defines whether to enable HTTP2. | `name` | `string` -| Name of the Endpoints object in the namespace. +| name of the Endpoints object in the namespace. | `namespace` | `string` -| Namespace of the Endpoints object. +| namespace of the Endpoints object. If not set, the object will be discovered in the namespace of the Prometheus object. | `noProxy` | `string` -| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names +| noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. 
@@ -3129,22 +3129,22 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `pathPrefix` | `string` -| Prefix for the HTTP path alerts are pushed to. +| pathPrefix defines the prefix for the HTTP path alerts are pushed to. | `port` | `integer-or-string` -| Port on which the Alertmanager API is exposed. +| port on which the Alertmanager API is exposed. | `proxyConnectHeader` | `object` -| ProxyConnectHeader optionally specifies headers to send to +| proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyConnectHeader{}` | `array` -| +| | `proxyConnectHeader{}[]` | `object` @@ -3152,17 +3152,17 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyFromEnvironment` | `boolean` -| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). +| proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyUrl` | `string` -| `proxyURL` defines the HTTP proxy server to use. +| proxyUrl defines the HTTP proxy server to use. | `relabelings` | `array` -| Relabel configuration applied to the discovered Alertmanagers. +| relabelings defines the relabel configuration applied to the discovered Alertmanagers. | `relabelings[]` | `object` @@ -3173,11 +3173,11 @@ More info: https://prometheus.io/docs/prometheus/latest/configuration/configurat | `scheme` | `string` -| Scheme to use when firing alerts. +| scheme to use when firing alerts. | `sigv4` | `object` -| Sigv4 allows to configures AWS's Signature Verification 4 for the URL. +| sigv4 defines AWS's Signature Verification 4 for the URL. It requires Prometheus >= v2.48.0. 
@@ -3185,18 +3185,18 @@ Cannot be set at the same time as `basicAuth`, `bearerTokenFile` or `authorizati | `timeout` | `string` -| Timeout is a per-target Alertmanager timeout when pushing alerts. +| timeout defines a per-target Alertmanager timeout when pushing alerts. | `tlsConfig` | `object` -| TLS Config to use for Alertmanager. +| tlsConfig to use for Alertmanager. |=== === .spec.alerting.alertmanagers[].alertRelabelings Description:: + -- -Relabeling configs applied before sending alerts to a specific Alertmanager. +alertRelabelings defines the relabeling configs applied before sending alerts to a specific Alertmanager. It requires Prometheus >= v2.51.0. -- @@ -3228,7 +3228,7 @@ Type:: | `action` | `string` -| Action to perform based on the regex matching. +| action to perform based on the regex matching. `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. 
@@ -3237,34 +3237,34 @@ Default: "Replace" | `modulus` | `integer` -| Modulus to take of the hash of the source label values. +| modulus to take of the hash of the source label values. Only applicable when the action is `HashMod`. | `regex` | `string` -| Regular expression against which the extracted value is matched. +| regex defines the regular expression against which the extracted value is matched. | `replacement` | `string` -| Replacement value against which a Replace action is performed if the +| replacement value against which a Replace action is performed if the regular expression matches. Regex capture groups are available. | `separator` | `string` -| Separator is the string between concatenated SourceLabels. +| separator defines the string between concatenated SourceLabels. | `sourceLabels` | `array (string)` -| The source labels select values from existing labels. Their content is +| sourceLabels defines the source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression. | `targetLabel` | `string` -| Label to which the resulting string is written in a replacement. +| targetLabel defines the label to which the resulting string is written in a replacement. It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. @@ -3276,7 +3276,7 @@ Regex capture groups are available. Description:: + -- -Authorization section for Alertmanager. +authorization section for Alertmanager. Cannot be set at the same time as `basicAuth`, `bearerTokenFile` or `sigv4`. -- 
@@ -3293,11 +3293,11 @@ Type:: | `credentials` | `object` -| Selects a key of a Secret in the namespace that contains the credentials for authentication. +| credentials defines a key of a Secret in the namespace that contains the credentials for authentication. | `type` | `string` -| Defines the authentication type. The value is case-insensitive. +| type defines the authentication type. The value is case-insensitive. "Basic" is not a supported value. @@ -3308,7 +3308,7 @@ Default: "Bearer" Description:: + -- -Selects a key of a Secret in the namespace that contains the credentials for authentication. +credentials defines a key of a Secret in the namespace that contains the credentials for authentication. -- Type:: @@ -3344,7 +3344,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -BasicAuth configuration for Alertmanager. +basicAuth configuration for Alertmanager. Cannot be set at the same time as `bearerTokenFile`, `authorization` or `sigv4`. -- @@ -3361,12 +3361,12 @@ Type:: | `password` | `object` -| `password` specifies a key of a Secret containing the password for +| password defines a key of a Secret containing the password for authentication. | `username` | `object` -| `username` specifies a key of a Secret containing the username for +| username defines a key of a Secret containing the username for authentication. |=== @@ -3374,7 +3374,7 @@ authentication. Description:: + -- -`password` specifies a key of a Secret containing the password for +password defines a key of a Secret containing the password for authentication. -- @@ -3411,7 +3411,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`username` specifies a key of a Secret containing the username for +username defines a key of a Secret containing the username for authentication. -- 
@@ -3448,7 +3448,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -ProxyConnectHeader optionally specifies headers to send to +proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -3513,7 +3513,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Relabel configuration applied to the discovered Alertmanagers. +relabelings defines the relabel configuration applied to the discovered Alertmanagers. -- Type:: @@ -3544,7 +3544,7 @@ Type:: | `action` | `string` -| Action to perform based on the regex matching. +| action to perform based on the regex matching. `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. 
@@ -3553,34 +3553,34 @@ Default: "Replace" | `modulus` | `integer` -| Modulus to take of the hash of the source label values. +| modulus to take of the hash of the source label values. Only applicable when the action is `HashMod`. | `regex` | `string` -| Regular expression against which the extracted value is matched. +| regex defines the regular expression against which the extracted value is matched. | `replacement` | `string` -| Replacement value against which a Replace action is performed if the +| replacement value against which a Replace action is performed if the regular expression matches. Regex capture groups are available. | `separator` | `string` -| Separator is the string between concatenated SourceLabels. +| separator defines the string between concatenated SourceLabels. | `sourceLabels` | `array (string)` -| The source labels select values from existing labels. Their content is +| sourceLabels defines the source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression. | `targetLabel` | `string` -| Label to which the resulting string is written in a replacement. +| targetLabel defines the label to which the resulting string is written in a replacement. It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. @@ -3592,7 +3592,7 @@ Regex capture groups are available. Description:: + -- -Sigv4 allows to configures AWS's Signature Verification 4 for the URL. +sigv4 defines AWS's Signature Verification 4 for the URL. It requires Prometheus >= v2.48.0. 
@@ -3611,32 +3611,37 @@ Type:: | `accessKey` | `object` -| AccessKey is the AWS API key. If not specified, the environment variable +| accessKey defines the AWS API key. If not specified, the environment variable `AWS_ACCESS_KEY_ID` is used. | `profile` | `string` -| Profile is the named AWS profile used to authenticate. +| profile defines the named AWS profile used to authenticate. | `region` | `string` -| Region is the AWS region. If blank, the region from the default credentials chain used. +| region defines the AWS region. If blank, the region from the default credentials chain used. | `roleArn` | `string` -| RoleArn is the named AWS profile used to authenticate. +| roleArn defines the named AWS profile used to authenticate. | `secretKey` | `object` -| SecretKey is the AWS API secret. If not specified, the environment +| secretKey defines the AWS API secret. If not specified, the environment variable `AWS_SECRET_ACCESS_KEY` is used. +| `useFIPSSTSEndpoint` +| `boolean` +| useFIPSSTSEndpoint defines FIPS mode for AWS STS endpoint. +It requires Prometheus >= v2.54.0. + |=== === .spec.alerting.alertmanagers[].sigv4.accessKey Description:: + -- -AccessKey is the AWS API key. If not specified, the environment variable +accessKey defines the AWS API key. If not specified, the environment variable `AWS_ACCESS_KEY_ID` is used. -- @@ -3673,7 +3678,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -SecretKey is the AWS API secret. If not specified, the environment +secretKey defines the AWS API secret. If not specified, the environment variable `AWS_SECRET_ACCESS_KEY` is used. -- @@ -3710,7 +3715,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -TLS Config to use for Alertmanager. +tlsConfig to use for Alertmanager. -- Type:: 
@@ -3725,54 +3730,54 @@ Type:: | `ca` | `object` -| Certificate authority used when verifying server certificates. +| ca defines the Certificate authority used when verifying server certificates. | `caFile` | `string` -| Path to the CA cert in the Prometheus container to use for the targets. +| caFile defines the path to the CA cert in the Prometheus container to use for the targets. | `cert` | `object` -| Client certificate to present when doing client-authentication. +| cert defines the Client certificate to present when doing client-authentication. | `certFile` | `string` -| Path to the client cert file in the Prometheus container for the targets. +| certFile defines the path to the client cert file in the Prometheus container for the targets. | `insecureSkipVerify` | `boolean` -| Disable target certificate validation. +| insecureSkipVerify defines how to disable target certificate validation. | `keyFile` | `string` -| Path to the client key file in the Prometheus container for the targets. +| keyFile defines the path to the client key file in the Prometheus container for the targets. | `keySecret` | `object` -| Secret containing the client key file for the targets. +| keySecret defines the Secret containing the client key file for the targets. | `maxVersion` | `string` -| Maximum acceptable TLS version. +| maxVersion defines the maximum acceptable TLS version. It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. | `minVersion` | `string` -| Minimum acceptable TLS version. +| minVersion defines the minimum acceptable TLS version. It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. | `serverName` | `string` -| Used to verify the hostname for the targets. +| serverName is used to verify the hostname for the targets. |=== === .spec.alerting.alertmanagers[].tlsConfig.ca Description:: + -- -Certificate authority used when verifying server certificates. +ca defines the Certificate authority used when verifying server certificates. -- Type:: 
@@ -3787,18 +3792,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.alerting.alertmanagers[].tlsConfig.ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -3834,7 +3839,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -3870,7 +3875,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Client certificate to present when doing client-authentication. +cert defines the Client certificate to present when doing client-authentication. -- Type:: @@ -3885,18 +3890,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.alerting.alertmanagers[].tlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -3932,7 +3937,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: 
@@ -3968,7 +3973,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the client key file for the targets. +keySecret defines the Secret containing the client key file for the targets. -- Type:: @@ -4004,7 +4009,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -APIServerConfig allows specifying a host and auth methods to access the +apiserverConfig allows specifying a host and auth methods to access the Kuberntees API server. If null, Prometheus is assumed to run inside of the cluster: it will discover the API servers automatically and use the Pod's CA certificate @@ -4025,28 +4030,27 @@ Required:: | `authorization` | `object` -| Authorization section for the API server. +| authorization section for the API server. Cannot be set at the same time as `basicAuth`, `bearerToken`, or `bearerTokenFile`. | `basicAuth` | `object` -| BasicAuth configuration for the API server. +| basicAuth configuration for the API server. Cannot be set at the same time as `authorization`, `bearerToken`, or `bearerTokenFile`. | `bearerToken` | `string` -| *Warning: this field shouldn't be used because the token value appears +| bearerToken is deprecated: this will be removed in a future release. + *Warning: this field shouldn't be used because the token value appears in clear-text. Prefer using `authorization`.* -Deprecated: this will be removed in a future release. - | `bearerTokenFile` | `string` -| File to read bearer token for accessing apiserver. +| bearerTokenFile defines the file to read bearer token for accessing apiserver. Cannot be set at the same time as `basicAuth`, `authorization`, or `bearerToken`. 
@@ -4054,12 +4058,12 @@ Deprecated: this will be removed in a future release. Prefer using `authorizatio | `host` | `string` -| Kubernetes API address consisting of a hostname or IP address followed +| host defines the Kubernetes API address consisting of a hostname or IP address followed by an optional port number. | `noProxy` | `string` -| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names +| noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. @@ -4067,7 +4071,7 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyConnectHeader` | `object` -| ProxyConnectHeader optionally specifies headers to send to +| proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -4082,24 +4086,24 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyFromEnvironment` | `boolean` -| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). +| proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyUrl` | `string` -| `proxyURL` defines the HTTP proxy server to use. +| proxyUrl defines the HTTP proxy server to use. | `tlsConfig` | `object` -| TLS Config to use for the API server. +| tlsConfig to use for the API server. |=== === .spec.apiserverConfig.authorization Description:: + -- -Authorization section for the API server. +authorization section for the API server. Cannot be set at the same time as `basicAuth`, `bearerToken`, or `bearerTokenFile`. 
@@ -4117,15 +4121,15 @@ Type:: | `credentials` | `object` -| Selects a key of a Secret in the namespace that contains the credentials for authentication. +| credentials defines a key of a Secret in the namespace that contains the credentials for authentication. | `credentialsFile` | `string` -| File to read a secret from, mutually exclusive with `credentials`. +| credentialsFile defines the file to read a secret from, mutually exclusive with `credentials`. | `type` | `string` -| Defines the authentication type. The value is case-insensitive. +| type defines the authentication type. The value is case-insensitive. "Basic" is not a supported value. @@ -4136,7 +4140,7 @@ Default: "Bearer" Description:: + -- -Selects a key of a Secret in the namespace that contains the credentials for authentication. +credentials defines a key of a Secret in the namespace that contains the credentials for authentication. -- Type:: @@ -4172,7 +4176,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -BasicAuth configuration for the API server. +basicAuth configuration for the API server. Cannot be set at the same time as `authorization`, `bearerToken`, or `bearerTokenFile`. @@ -4190,12 +4194,12 @@ Type:: | `password` | `object` -| `password` specifies a key of a Secret containing the password for +| password defines a key of a Secret containing the password for authentication. | `username` | `object` -| `username` specifies a key of a Secret containing the username for +| username defines a key of a Secret containing the username for authentication. |=== @@ -4203,7 +4207,7 @@ authentication. Description:: + -- -`password` specifies a key of a Secret containing the password for +password defines a key of a Secret containing the password for authentication. -- 
@@ -4240,7 +4244,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`username` specifies a key of a Secret containing the username for +username defines a key of a Secret containing the username for authentication. -- @@ -4277,7 +4281,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -ProxyConnectHeader optionally specifies headers to send to +proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -4342,7 +4346,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -TLS Config to use for the API server. +tlsConfig to use for the API server. -- Type:: 
@@ -4357,54 +4361,54 @@ Type:: | `ca` | `object` -| Certificate authority used when verifying server certificates. +| ca defines the Certificate authority used when verifying server certificates. | `caFile` | `string` -| Path to the CA cert in the Prometheus container to use for the targets. +| caFile defines the path to the CA cert in the Prometheus container to use for the targets. | `cert` | `object` -| Client certificate to present when doing client-authentication. +| cert defines the Client certificate to present when doing client-authentication. | `certFile` | `string` -| Path to the client cert file in the Prometheus container for the targets. +| certFile defines the path to the client cert file in the Prometheus container for the targets. | `insecureSkipVerify` | `boolean` -| Disable target certificate validation. +| insecureSkipVerify defines how to disable target certificate validation. | `keyFile` | `string` -| Path to the client key file in the Prometheus container for the targets. +| keyFile defines the path to the client key file in the Prometheus container for the targets. | `keySecret` | `object` -| Secret containing the client key file for the targets. +| keySecret defines the Secret containing the client key file for the targets. | `maxVersion` | `string` -| Maximum acceptable TLS version. +| maxVersion defines the maximum acceptable TLS version. It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. | `minVersion` | `string` -| Minimum acceptable TLS version. +| minVersion defines the minimum acceptable TLS version. It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. | `serverName` | `string` -| Used to verify the hostname for the targets. +| serverName is used to verify the hostname for the targets. |=== === .spec.apiserverConfig.tlsConfig.ca Description:: + -- -Certificate authority used when verifying server certificates. +ca defines the Certificate authority used when verifying server certificates. -- Type:: 
@@ -4419,18 +4423,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.apiserverConfig.tlsConfig.ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -4466,7 +4470,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -4502,7 +4506,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Client certificate to present when doing client-authentication. +cert defines the Client certificate to present when doing client-authentication. -- Type:: @@ -4517,18 +4521,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.apiserverConfig.tlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -4564,7 +4568,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: 
@@ -4600,7 +4604,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the client key file for the targets. +keySecret defines the Secret containing the client key file for the targets. -- Type:: @@ -4636,7 +4640,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -When true, ServiceMonitor, PodMonitor and Probe object are forbidden to +arbitraryFSAccessThroughSMs when true, ServiceMonitor, PodMonitor and Probe object are forbidden to reference arbitrary files on the file system of the 'prometheus' container. When a ServiceMonitor's endpoint specifies a `bearerTokenFile` value @@ -4660,14 +4664,17 @@ Type:: | `deny` | `boolean` -| +| deny prevents service monitors from accessing arbitrary files on the file system. +When true, service monitors cannot use file-based configurations like BearerTokenFile +that could potentially access sensitive files. When false (default), such access is allowed. +Setting this to true enhances security by preventing potential credential theft attacks. |=== === .spec.containers Description:: + -- -Containers allows injecting additional containers or modifying operator +containers allows injecting additional containers or modifying operator generated containers. This can be used to allow adding an authentication proxy to the Pods or to change the behavior of an operator generated container. Containers described here modify an operator generated 
@@ -4743,8 +4750,8 @@ Cannot be updated. | `envFrom` | `array` | List of sources to populate environment variables in the container. -The keys defined within a source must be a C_IDENTIFIER. All invalid keys -will be reported as an event when the container is starting. When a key exists in multiple +The keys defined within a source may consist of any printable ASCII characters except '='. +When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. @@ -4824,10 +4831,10 @@ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-co | `restartPolicy` | `string` | RestartPolicy defines the restart behavior of individual containers in a pod. -This field may only be set for init containers, and the only allowed value is "Always". -For non-init containers or when this field is not specified, +This overrides the pod-level restart policy. When this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. -Setting the RestartPolicy as "Always" for the init container will have the following effect: +Additionally, setting the RestartPolicy as "Always" for the init container will +have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" 
@@ -4839,6 +4846,24 @@ container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed. +| `restartPolicyRules` +| `array` +| Represents a list of rules to be checked to determine if the +container should be restarted on exit. The rules are evaluated in +order. Once a rule matches a container exit condition, the remaining +rules are ignored. If no rule matches the container exit condition, +the Container-level restart policy determines the whether the container +is restarted or not. Constraints on the rules: +- At most 20 rules are allowed. +- Rules can have the same action. +- Identical rules are not forbidden in validations. +When rules are specified, container MUST set RestartPolicy explicitly +even it if matches the Pod's RestartPolicy. + +| `restartPolicyRules[]` +| `object` +| ContainerRestartRule describes how a container exit is handled. + | `securityContext` | `object` | SecurityContext defines the security options the container should be run with. @@ -4956,7 +4981,8 @@ Required:: | `name` | `string` -| Name of the environment variable. Must be a C_IDENTIFIER. +| Name of the environment variable. +May consist of any printable ASCII characters except '='. | `value` | `string` @@ -5001,6 +5027,11 @@ Type:: | Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +| `fileKeyRef` +| `object` +| FileKeyRef selects a key of the env file. +Requires the EnvFiles feature gate to be enabled. + | `resourceFieldRef` | `object` | Selects a resource of the container: only resources limits and requests 
@@ -5075,6 +5106,54 @@ Required:: | `string` | Path of the field to select in the specified API version. +|=== +=== .spec.containers[].env[].valueFrom.fileKeyRef +Description:: ++ +-- +FileKeyRef selects a key of the env file. +Requires the EnvFiles feature gate to be enabled. +-- + +Type:: + `object` + +Required:: + - `key` + - `path` + - `volumeName` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `key` +| `string` +| The key within the env file. An invalid key will prevent the pod from starting. +The keys defined within a source may consist of any printable ASCII characters except '='. +During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + +| `optional` +| `boolean` +| Specify whether the file or its key must be defined. If the file or key +does not exist, then the env var is not published. +If optional is set to true and the specified key does not exist, +the environment variable will not be set in the Pod's containers. + +If optional is set to false and the specified key does not exist, +an error will be returned during Pod creation. + +| `path` +| `string` +| The path within the volume from which to select the file. +Must be relative and may not contain the '..' path or start with '..'. + +| `volumeName` +| `string` +| The name of the volume mount containing the env file. + |=== === .spec.containers[].env[].valueFrom.resourceFieldRef Description:: 
@@ -5150,8 +5229,8 @@ Description:: + -- List of sources to populate environment variables in the container. -The keys defined within a source must be a C_IDENTIFIER. All invalid keys -will be reported as an event when the container is starting. When a key exists in multiple +The keys defined within a source may consist of any printable ASCII characters except '='. +When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. @@ -5186,7 +5265,8 @@ Type:: | `prefix` | `string` -| Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER. +| Optional text to prepend to the name of each environment variable. +May consist of any printable ASCII characters except '='. | `secretRef` | `object` @@ -6368,7 +6448,7 @@ Type:: | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -6397,7 +6477,7 @@ Description:: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. 
@@ -6440,6 +6520,93 @@ inside a container. If empty, everything from the claim is made available, otherwise only the result of this request. +|=== +=== .spec.containers[].restartPolicyRules +Description:: ++ +-- +Represents a list of rules to be checked to determine if the +container should be restarted on exit. The rules are evaluated in +order. Once a rule matches a container exit condition, the remaining +rules are ignored. If no rule matches the container exit condition, +the Container-level restart policy determines the whether the container +is restarted or not. Constraints on the rules: +- At most 20 rules are allowed. +- Rules can have the same action. +- Identical rules are not forbidden in validations. +When rules are specified, container MUST set RestartPolicy explicitly +even it if matches the Pod's RestartPolicy. +-- + +Type:: + `array` + + + + +=== .spec.containers[].restartPolicyRules[] +Description:: ++ +-- +ContainerRestartRule describes how a container exit is handled. +-- + +Type:: + `object` + +Required:: + - `action` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `action` +| `string` +| Specifies the action taken on a container exit if the requirements +are satisfied. The only possible value is "Restart" to restart the +container. + +| `exitCodes` +| `object` +| Represents the exit codes to check on container exits. + +|=== +=== .spec.containers[].restartPolicyRules[].exitCodes +Description:: ++ +-- +Represents the exit codes to check on container exits. +-- + +Type:: + `object` + +Required:: + - `operator` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `operator` +| `string` +| Represents the relationship between the container exit code(s) and the +specified values. Possible values are: +- In: the requirement is satisfied if the container exit code is in the + set of specified values. 
+- NotIn: the requirement is satisfied if the container exit code is + not in the set of specified values. + +| `values` +| `array (integer)` +| Specifies the set of values to check for container exit codes. +At most 255 elements are allowed. + |=== === .spec.containers[].securityContext Description:: @@ -7130,7 +7297,7 @@ SubPathExpr and SubPath are mutually exclusive. Description:: + -- -Defines the DNS configuration for the pods. +dnsConfig defines the DNS configuration for the pods. -- Type:: @@ -7145,12 +7312,12 @@ Type:: | `nameservers` | `array (string)` -| A list of DNS name server IP addresses. +| nameservers defines the list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. | `options` | `array` -| A list of DNS resolver options. +| options defines the list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Resolution options given in Options will override those that appear in the base DNSPolicy. @@ -7161,7 +7328,7 @@ will override those that appear in the base DNSPolicy. | `searches` | `array (string)` -| A list of DNS search domains for host-name lookup. +| searches defines the list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. |=== @@ -7169,7 +7336,7 @@ This will be appended to the base search paths generated from DNSPolicy. Description:: + -- -A list of DNS resolver options. +options defines the list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Resolution options given in Options will override those that appear in the base DNSPolicy. 
@@ -7202,18 +7369,18 @@ Required:: | `name` | `string` -| Name is required and must be unique. +| name is required and must be unique. | `value` | `string` -| Value is optional. +| value is optional. |=== === .spec.excludedFromEnforcement Description:: + -- -List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects +excludedFromEnforcement defines the list of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects to be excluded from enforcing a namespace label of origin. It is only applicable if `spec.enforcedNamespaceLabel` set to true. @@ -7247,27 +7414,27 @@ Required:: | `group` | `string` -| Group of the referent. When not specified, it defaults to `monitoring.coreos.com` +| group of the referent. When not specified, it defaults to `monitoring.coreos.com` | `name` | `string` -| Name of the referent. When not set, all resources in the namespace are matched. +| name of the referent. When not set, all resources in the namespace are matched. | `namespace` | `string` -| Namespace of the referent. +| namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ | `resource` | `string` -| Resource of the referent. +| resource of the referent. |=== === .spec.exemplars Description:: + -- -Exemplars related settings that are runtime reloadable. +exemplars related settings that are runtime reloadable. It requires to enable the `exemplar-storage` feature flag to be effective. -- @@ -7283,7 +7450,7 @@ Type:: | `maxSize` | `integer` -| Maximum number of exemplars stored in memory for all series. +| maxSize defines the maximum number of exemplars stored in memory for all series. exemplar-storage itself must be enabled using the `spec.enableFeature` option for exemplars to be scraped in the first place. 
@@ -7296,7 +7463,7 @@ than zero disables the storage. Description:: + -- -Optional list of hosts and IPs that will be injected into the Pod's +hostAliases defines the optional list of hosts and IPs that will be injected into the Pod's hosts file if specified. -- @@ -7329,18 +7496,18 @@ Required:: | `hostnames` | `array (string)` -| Hostnames for the above IP address. +| hostnames defines hostnames for the above IP address. | `ip` | `string` -| IP address of the host file entry. +| ip defines the IP address of the host file entry. |=== === .spec.imagePullSecrets Description:: + -- -An optional list of references to Secrets in the same namespace +imagePullSecrets defines an optional list of references to Secrets in the same namespace to use for pulling images from registries. See http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod -- @@ -7382,7 +7549,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -InitContainers allows injecting initContainers to the Pod definition. Those +initContainers allows injecting initContainers to the Pod definition. Those can be used to e.g. fetch secrets for injection into the Prometheus configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: @@ -7458,8 +7625,8 @@ Cannot be updated. | `envFrom` | `array` | List of sources to populate environment variables in the container. -The keys defined within a source must be a C_IDENTIFIER. All invalid keys -will be reported as an event when the container is starting. When a key exists in multiple +The keys defined within a source may consist of any printable ASCII characters except '='. +When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. 
@@ -7539,10 +7706,10 @@ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-co | `restartPolicy` | `string` | RestartPolicy defines the restart behavior of individual containers in a pod. -This field may only be set for init containers, and the only allowed value is "Always". -For non-init containers or when this field is not specified, +This overrides the pod-level restart policy. When this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. -Setting the RestartPolicy as "Always" for the init container will have the following effect: +Additionally, setting the RestartPolicy as "Always" for the init container will +have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" @@ -7554,6 +7721,24 @@ container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed. +| `restartPolicyRules` +| `array` +| Represents a list of rules to be checked to determine if the +container should be restarted on exit. The rules are evaluated in +order. Once a rule matches a container exit condition, the remaining +rules are ignored. If no rule matches the container exit condition, +the Container-level restart policy determines the whether the container +is restarted or not. Constraints on the rules: +- At most 20 rules are allowed. +- Rules can have the same action. +- Identical rules are not forbidden in validations. +When rules are specified, container MUST set RestartPolicy explicitly +even it if matches the Pod's RestartPolicy. + +| `restartPolicyRules[]` +| `object` +| ContainerRestartRule describes how a container exit is handled. + | `securityContext` | `object` | SecurityContext defines the security options the container should be run with. 
@@ -7671,7 +7856,8 @@ Required:: | `name` | `string` -| Name of the environment variable. Must be a C_IDENTIFIER. +| Name of the environment variable. +May consist of any printable ASCII characters except '='. | `value` | `string` @@ -7716,6 +7902,11 @@ Type:: | Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +| `fileKeyRef` +| `object` +| FileKeyRef selects a key of the env file. +Requires the EnvFiles feature gate to be enabled. + | `resourceFieldRef` | `object` | Selects a resource of the container: only resources limits and requests 
@@ -7790,6 +7981,54 @@ Required:: | `string` | Path of the field to select in the specified API version. +|=== +=== .spec.initContainers[].env[].valueFrom.fileKeyRef +Description:: ++ +-- +FileKeyRef selects a key of the env file. +Requires the EnvFiles feature gate to be enabled. +-- + +Type:: + `object` + +Required:: + - `key` + - `path` + - `volumeName` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `key` +| `string` +| The key within the env file. An invalid key will prevent the pod from starting. +The keys defined within a source may consist of any printable ASCII characters except '='. +During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + +| `optional` +| `boolean` +| Specify whether the file or its key must be defined. If the file or key +does not exist, then the env var is not published. +If optional is set to true and the specified key does not exist, +the environment variable will not be set in the Pod's containers. + +If optional is set to false and the specified key does not exist, +an error will be returned during Pod creation. + +| `path` +| `string` +| The path within the volume from which to select the file. +Must be relative and may not contain the '..' path or start with '..'. + +| `volumeName` +| `string` +| The name of the volume mount containing the env file. + |=== === .spec.initContainers[].env[].valueFrom.resourceFieldRef Description:: 
@@ -7865,8 +8104,8 @@ Description:: + -- List of sources to populate environment variables in the container. -The keys defined within a source must be a C_IDENTIFIER. All invalid keys -will be reported as an event when the container is starting. When a key exists in multiple +The keys defined within a source may consist of any printable ASCII characters except '='. +When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. @@ -7901,7 +8140,8 @@ Type:: | `prefix` | `string` -| Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER. +| Optional text to prepend to the name of each environment variable. +May consist of any printable ASCII characters except '='. | `secretRef` | `object` @@ -9083,7 +9323,7 @@ Type:: | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -9112,7 +9352,7 @@ Description:: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. 
@@ -9155,6 +9395,93 @@ inside a container. If empty, everything from the claim is made available, otherwise only the result of this request. +|=== +=== .spec.initContainers[].restartPolicyRules +Description:: ++ +-- +Represents a list of rules to be checked to determine if the +container should be restarted on exit. The rules are evaluated in +order. Once a rule matches a container exit condition, the remaining +rules are ignored. If no rule matches the container exit condition, +the Container-level restart policy determines the whether the container +is restarted or not. Constraints on the rules: +- At most 20 rules are allowed. +- Rules can have the same action. +- Identical rules are not forbidden in validations. +When rules are specified, container MUST set RestartPolicy explicitly +even it if matches the Pod's RestartPolicy. +-- + +Type:: + `array` + + + + +=== .spec.initContainers[].restartPolicyRules[] +Description:: ++ +-- +ContainerRestartRule describes how a container exit is handled. +-- + +Type:: + `object` + +Required:: + - `action` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `action` +| `string` +| Specifies the action taken on a container exit if the requirements +are satisfied. The only possible value is "Restart" to restart the +container. + +| `exitCodes` +| `object` +| Represents the exit codes to check on container exits. + +|=== +=== .spec.initContainers[].restartPolicyRules[].exitCodes +Description:: ++ +-- +Represents the exit codes to check on container exits. +-- + +Type:: + `object` + +Required:: + - `operator` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `operator` +| `string` +| Represents the relationship between the container exit code(s) and the +specified values. Possible values are: +- In: the requirement is satisfied if the container exit code is in the + set of specified values. 
+- NotIn: the requirement is satisfied if the container exit code is + not in the set of specified values. + +| `values` +| `array (integer)` +| Specifies the set of values to check for container exit codes. +At most 255 elements are allowed. + |=== === .spec.initContainers[].securityContext Description:: @@ -9845,7 +10172,7 @@ SubPathExpr and SubPath are mutually exclusive. Description:: + -- -Settings related to the OTLP receiver feature. +otlp defines the settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. -- 
@@ -9861,38 +10188,44 @@ Type:: | `convertHistogramsToNHCB` | `boolean` -| Configures optional translation of OTLP explicit bucket histograms into native histograms with custom buckets. +| convertHistogramsToNHCB defines optional translation of OTLP explicit bucket histograms into native histograms with custom buckets. It requires Prometheus >= v3.4.0. | `ignoreResourceAttributes` | `array (string)` -| List of OpenTelemetry resource attributes to ignore when `promoteAllResourceAttributes` is true. +| ignoreResourceAttributes defines the list of OpenTelemetry resource attributes to ignore when `promoteAllResourceAttributes` is true. It requires `promoteAllResourceAttributes` to be true. It requires Prometheus >= v3.5.0. | `keepIdentifyingResourceAttributes` | `boolean` -| Enables adding `service.name`, `service.namespace` and `service.instance.id` +| keepIdentifyingResourceAttributes enables adding `service.name`, `service.namespace` and `service.instance.id` resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. It requires Prometheus >= v3.1.0. | `promoteAllResourceAttributes` | `boolean` -| Promote all resource attributes to metric labels except the ones defined in `ignoreResourceAttributes`. +| promoteAllResourceAttributes promotes all resource attributes to metric labels except the ones defined in `ignoreResourceAttributes`. Cannot be true when `promoteResourceAttributes` is defined. It requires Prometheus >= v3.5.0. | `promoteResourceAttributes` | `array (string)` -| List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. +| promoteResourceAttributes defines the list of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. Cannot be defined when `promoteAllResourceAttributes` is true. +| `promoteScopeMetadata` +| `boolean` +| promoteScopeMetadata controls whether to promote OpenTelemetry scope metadata (i.e. 
name, version, schema URL, and attributes) to metric labels. +As per the OpenTelemetry specification, the aforementioned scope metadata should be identifying, i.e. made into metric labels. +It requires Prometheus >= v3.6.0. + | `translationStrategy` | `string` -| Configures how the OTLP receiver endpoint translates the incoming metrics. +| translationStrategy defines how the OTLP receiver endpoint translates the incoming metrics. It requires Prometheus >= v3.0.0. @@ -9901,7 +10234,7 @@ It requires Prometheus >= v3.0.0. Description:: + -- -The field controls if and how PVCs are deleted during the lifecycle of a StatefulSet. +persistentVolumeClaimRetentionPolicy defines the field controls if and how PVCs are deleted during the lifecycle of a StatefulSet. The default behavior is all PVCs are retained. This is an alpha field from kubernetes 1.23 until 1.26 and a beta field from 1.26. It requires enabling the StatefulSetAutoDeletePVC feature gate. @@ -9937,7 +10270,7 @@ the replica count to be deleted. Description:: + -- -PodMetadata configures labels and annotations which are propagated to the Prometheus pods. +podMetadata defines labels and annotations which are propagated to the Prometheus pods. The following items are reserved and cannot be overridden: * "prometheus" label, set to the name of the Prometheus object. 
@@ -9962,21 +10295,21 @@ Type:: | `annotations` | `object (string)` -| Annotations is an unstructured key value map stored with a resource that may be +| annotations defines an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ | `labels` | `object (string)` -| Map of string keys and values that can be used to organize and categorize +| labels define the map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ | `name` | `string` -| Name must be unique within a namespace. Is required when creating resources, although +| name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. @@ -9988,7 +10321,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Namespaces to match for PodMonitors discovery. An empty label selector +podMonitorNamespaceSelector defines the namespaces to match for PodMonitors discovery. An empty label selector matches all namespaces. A null label selector (default value) matches the current namespace only. -- 
@@ -10074,7 +10407,7 @@ merge patch. Description:: + -- -PodMonitors to be selected for target discovery. An empty label selector +podMonitorSelector defines the podMonitors to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` @@ -10168,7 +10501,7 @@ merge patch. Description:: + -- -Namespaces to match for Probe discovery. An empty label +probeNamespaceSelector defines the namespaces to match for Probe discovery. An empty label selector matches all namespaces. A null label selector matches the current namespace only. -- @@ -10254,7 +10587,7 @@ merge patch. Description:: + -- -Probes to be selected for target discovery. An empty label selector +probeSelector defines the probes to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` @@ -10348,7 +10681,7 @@ merge patch. Description:: + -- -Defines the list of PrometheusRule objects to which the namespace label +prometheusRulesExcludedFromEnforce defines the list of PrometheusRule objects to which the namespace label enforcement doesn't apply. This is only relevant when `spec.enforcedNamespaceLabel` is set to true. Deprecated: use `spec.excludedFromEnforcement` instead. @@ -10384,18 +10717,18 @@ Required:: | `ruleName` | `string` -| Name of the excluded PrometheusRule object. +| ruleName defines the name of the excluded PrometheusRule object. | `ruleNamespace` | `string` -| Namespace of the excluded PrometheusRule object. +| ruleNamespace defines the namespace of the excluded PrometheusRule object. |=== === .spec.query Description:: + -- -QuerySpec defines the configuration of the Promethus query service. +query defines the configuration of the Prometheus query service. -- Type:: 
@@ -10410,28 +10743,28 @@ Type:: | `lookbackDelta` | `string` -| The delta difference allowed for retrieving metrics during expression evaluations. +| lookbackDelta defines the delta difference allowed for retrieving metrics during expression evaluations. | `maxConcurrency` | `integer` -| Number of concurrent queries that can be run at once. +| maxConcurrency defines the number of concurrent queries that can be run at once. | `maxSamples` | `integer` -| Maximum number of samples a single query can load into memory. Note that +| maxSamples defines the maximum number of samples a single query can load into memory. Note that queries will fail if they would load more samples than this into memory, so this also limits the number of samples a query can return. | `timeout` | `string` -| Maximum time a query may take before being aborted. +| timeout defines the maximum time a query may take before being aborted. |=== === .spec.remoteRead Description:: + -- -Defines the list of remote read configurations. +remoteRead defines the list of remote read configurations. -- Type:: @@ -10462,7 +10795,7 @@ Required:: | `authorization` | `object` -| Authorization section for the URL. +| authorization section for the URL. It requires Prometheus >= v2.26.0. 
@@ -10470,44 +10803,43 @@ Cannot be set at the same time as `basicAuth`, or `oauth2`. | `basicAuth` | `object` -| BasicAuth configuration for the URL. +| basicAuth configuration for the URL. Cannot be set at the same time as `authorization`, or `oauth2`. | `bearerToken` | `string` -| *Warning: this field shouldn't be used because the token value appears +| bearerToken is deprecated: this will be removed in a future release. +*Warning: this field shouldn't be used because the token value appears in clear-text. Prefer using `authorization`.* -Deprecated: this will be removed in a future release. - | `bearerTokenFile` | `string` -| File from which to read the bearer token for the URL. +| bearerTokenFile defines the file from which to read the bearer token for the URL. Deprecated: this will be removed in a future release. Prefer using `authorization`. | `filterExternalLabels` | `boolean` -| Whether to use the external labels as selectors for the remote read endpoint. +| filterExternalLabels defines whether to use the external labels as selectors for the remote read endpoint. It requires Prometheus >= v2.34.0. | `followRedirects` | `boolean` -| Configure whether HTTP requests follow HTTP 3xx redirects. +| followRedirects defines whether HTTP requests follow HTTP 3xx redirects. It requires Prometheus >= v2.26.0. | `headers` | `object (string)` -| Custom HTTP headers to be sent along with each remote read request. +| headers defines the custom HTTP headers to be sent along with each remote read request. Be aware that headers that are set by Prometheus itself can't be overwritten. Only valid in Prometheus versions 2.26.0 and newer. | `name` | `string` -| The name of the remote read queue, it must be unique if specified. The +| name of the remote read queue, it must be unique if specified. The name is used in metrics and logging in order to differentiate read configurations. 
@@ -10515,7 +10847,7 @@ It requires Prometheus >= v2.15.0. | `noProxy` | `string` -| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names +| noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. @@ -10523,7 +10855,7 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `oauth2` | `object` -| OAuth2 configuration for the URL. +| oauth2 configuration for the URL. It requires Prometheus >= v2.27.0. @@ -10531,14 +10863,14 @@ Cannot be set at the same time as `authorization`, or `basicAuth`. | `proxyConnectHeader` | `object` -| ProxyConnectHeader optionally specifies headers to send to +| proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyConnectHeader{}` | `array` -| +| | `proxyConnectHeader{}[]` | `object` 
@@ -10546,42 +10878,42 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyFromEnvironment` | `boolean` -| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). +| proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyUrl` | `string` -| `proxyURL` defines the HTTP proxy server to use. +| proxyUrl defines the HTTP proxy server to use. | `readRecent` | `boolean` -| Whether reads should be made for queries for time ranges that +| readRecent defines whether reads should be made for queries for time ranges that the local storage should have complete data for. | `remoteTimeout` | `string` -| Timeout for requests to the remote read endpoint. +| remoteTimeout defines the timeout for requests to the remote read endpoint. | `requiredMatchers` | `object (string)` -| An optional list of equality matchers which have to be present +| requiredMatchers defines an optional list of equality matchers which have to be present in a selector to query the remote read endpoint. | `tlsConfig` | `object` -| TLS Config to use for the URL. +| tlsConfig to use for the URL. | `url` | `string` -| The URL of the endpoint to query from. +| url defines the URL of the endpoint to query from. |=== === .spec.remoteRead[].authorization Description:: + -- -Authorization section for the URL. +authorization section for the URL. It requires Prometheus >= v2.26.0. 
@@ -10600,15 +10932,15 @@ Type:: | `credentials` | `object` -| Selects a key of a Secret in the namespace that contains the credentials for authentication. +| credentials defines a key of a Secret in the namespace that contains the credentials for authentication. | `credentialsFile` | `string` -| File to read a secret from, mutually exclusive with `credentials`. +| credentialsFile defines the file to read a secret from, mutually exclusive with `credentials`. | `type` | `string` -| Defines the authentication type. The value is case-insensitive. +| type defines the authentication type. The value is case-insensitive. "Basic" is not a supported value. @@ -10619,7 +10951,7 @@ Default: "Bearer" Description:: + -- -Selects a key of a Secret in the namespace that contains the credentials for authentication. +credentials defines a key of a Secret in the namespace that contains the credentials for authentication. -- Type:: @@ -10655,7 +10987,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -BasicAuth configuration for the URL. +basicAuth configuration for the URL. Cannot be set at the same time as `authorization`, or `oauth2`. -- @@ -10672,12 +11004,12 @@ Type:: | `password` | `object` -| `password` specifies a key of a Secret containing the password for +| password defines a key of a Secret containing the password for authentication. | `username` | `object` -| `username` specifies a key of a Secret containing the username for +| username defines a key of a Secret containing the username for authentication. |=== @@ -10685,7 +11017,7 @@ authentication. Description:: + -- -`password` specifies a key of a Secret containing the password for +password defines a key of a Secret containing the password for authentication. -- 
@@ -10722,7 +11054,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`username` specifies a key of a Secret containing the username for +username defines a key of a Secret containing the username for authentication. -- @@ -10759,7 +11091,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -OAuth2 configuration for the URL. +oauth2 configuration for the URL. It requires Prometheus >= v2.27.0. @@ -10782,22 +11114,22 @@ Required:: | `clientId` | `object` -| `clientId` specifies a key of a Secret or ConfigMap containing the +| clientId defines a key of a Secret or ConfigMap containing the OAuth2 client's ID. | `clientSecret` | `object` -| `clientSecret` specifies a key of a Secret containing the OAuth2 +| clientSecret defines a key of a Secret containing the OAuth2 client's secret. | `endpointParams` | `object (string)` -| `endpointParams` configures the HTTP parameters to append to the token +| endpointParams configures the HTTP parameters to append to the token URL. | `noProxy` | `string` -| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names +| noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. @@ -10805,14 +11137,14 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyConnectHeader` | `object` -| ProxyConnectHeader optionally specifies headers to send to +| proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyConnectHeader{}` | `array` -| +| | `proxyConnectHeader{}[]` | `object` 
@@ -10820,33 +11152,33 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyFromEnvironment` | `boolean` -| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). +| proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyUrl` | `string` -| `proxyURL` defines the HTTP proxy server to use. +| proxyUrl defines the HTTP proxy server to use. | `scopes` | `array (string)` -| `scopes` defines the OAuth2 scopes used for the token request. +| scopes defines the OAuth2 scopes used for the token request. | `tlsConfig` | `object` -| TLS configuration to use when connecting to the OAuth2 server. +| tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. It requires Prometheus >= v2.43.0. | `tokenUrl` | `string` -| `tokenURL` configures the URL to fetch the token from. +| tokenUrl defines the URL to fetch the token from. |=== === .spec.remoteRead[].oauth2.clientId Description:: + -- -`clientId` specifies a key of a Secret or ConfigMap containing the +clientId defines a key of a Secret or ConfigMap containing the OAuth2 client's ID. -- @@ -10862,18 +11194,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.remoteRead[].oauth2.clientId.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: 
@@ -10909,7 +11241,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -10945,7 +11277,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`clientSecret` specifies a key of a Secret containing the OAuth2 +clientSecret defines a key of a Secret containing the OAuth2 client's secret. -- @@ -10982,7 +11314,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -ProxyConnectHeader optionally specifies headers to send to +proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -11047,7 +11379,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -TLS configuration to use when connecting to the OAuth2 server. +tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. It requires Prometheus >= v2.43.0. -- 
@@ -11063,42 +11395,42 @@ Type:: | `ca` | `object` -| Certificate authority used when verifying server certificates. +| ca defines the Certificate authority used when verifying server certificates. | `cert` | `object` -| Client certificate to present when doing client-authentication. +| cert defines the Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` -| Disable target certificate validation. +| insecureSkipVerify defines how to disable target certificate validation. | `keySecret` | `object` -| Secret containing the client key file for the targets. +| keySecret defines the Secret containing the client key file for the targets. | `maxVersion` | `string` -| Maximum acceptable TLS version. +| maxVersion defines the maximum acceptable TLS version. It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. | `minVersion` | `string` -| Minimum acceptable TLS version. +| minVersion defines the minimum acceptable TLS version. It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. | `serverName` | `string` -| Used to verify the hostname for the targets. +| serverName is used to verify the hostname for the targets. |=== === .spec.remoteRead[].oauth2.tlsConfig.ca Description:: + -- -Certificate authority used when verifying server certificates. +ca defines the Certificate authority used when verifying server certificates. -- Type:: @@ -11113,18 +11445,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.remoteRead[].oauth2.tlsConfig.ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: 
@@ -11160,7 +11492,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -11196,7 +11528,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Client certificate to present when doing client-authentication. +cert defines the Client certificate to present when doing client-authentication. -- Type:: @@ -11211,18 +11543,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.remoteRead[].oauth2.tlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -11258,7 +11590,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -11294,7 +11626,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the client key file for the targets. +keySecret defines the Secret containing the client key file for the targets. -- Type:: @@ -11330,7 +11662,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -ProxyConnectHeader optionally specifies headers to send to +proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. 
@@ -11395,7 +11727,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -TLS Config to use for the URL. +tlsConfig to use for the URL. -- Type:: 
@@ -11410,54 +11742,54 @@ Type:: | `ca` | `object` -| Certificate authority used when verifying server certificates. +| ca defines the Certificate authority used when verifying server certificates. | `caFile` | `string` -| Path to the CA cert in the Prometheus container to use for the targets. +| caFile defines the path to the CA cert in the Prometheus container to use for the targets. | `cert` | `object` -| Client certificate to present when doing client-authentication. +| cert defines the Client certificate to present when doing client-authentication. | `certFile` | `string` -| Path to the client cert file in the Prometheus container for the targets. +| certFile defines the path to the client cert file in the Prometheus container for the targets. | `insecureSkipVerify` | `boolean` -| Disable target certificate validation. +| insecureSkipVerify defines how to disable target certificate validation. | `keyFile` | `string` -| Path to the client key file in the Prometheus container for the targets. +| keyFile defines the path to the client key file in the Prometheus container for the targets. | `keySecret` | `object` -| Secret containing the client key file for the targets. +| keySecret defines the Secret containing the client key file for the targets. | `maxVersion` | `string` -| Maximum acceptable TLS version. +| maxVersion defines the maximum acceptable TLS version. It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. | `minVersion` | `string` -| Minimum acceptable TLS version. +| minVersion defines the minimum acceptable TLS version. It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. | `serverName` | `string` -| Used to verify the hostname for the targets. +| serverName is used to verify the hostname for the targets. |=== === .spec.remoteRead[].tlsConfig.ca Description:: + -- -Certificate authority used when verifying server certificates. +ca defines the Certificate authority used when verifying server certificates. -- Type:: 
@@ -11472,18 +11804,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.remoteRead[].tlsConfig.ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -11519,7 +11851,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -11555,7 +11887,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Client certificate to present when doing client-authentication. +cert defines the Client certificate to present when doing client-authentication. -- Type:: @@ -11570,18 +11902,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.remoteRead[].tlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -11617,7 +11949,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: 
@@ -11653,7 +11985,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the client key file for the targets. +keySecret defines the Secret containing the client key file for the targets. -- Type:: @@ -11689,7 +12021,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Defines the list of remote write configurations. +remoteWrite defines the list of remote write configurations. -- Type:: @@ -11720,7 +12052,7 @@ Required:: | `authorization` | `object` -| Authorization section for the URL. +| authorization section for the URL. It requires Prometheus >= v2.26.0 or Thanos >= v0.24.0. @@ -11728,7 +12060,7 @@ Cannot be set at the same time as `sigv4`, `basicAuth`, `oauth2`, or `azureAd`. | `azureAd` | `object` -| AzureAD for the URL. +| azureAd for the URL. It requires Prometheus >= v2.45.0 or Thanos >= v0.31.0. 
@@ -11736,43 +12068,42 @@ Cannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `si | `basicAuth` | `object` -| BasicAuth configuration for the URL. +| basicAuth configuration for the URL. Cannot be set at the same time as `sigv4`, `authorization`, `oauth2`, or `azureAd`. | `bearerToken` | `string` -| *Warning: this field shouldn't be used because the token value appears +| bearerToken is deprecated: this will be removed in a future release. +*Warning: this field shouldn't be used because the token value appears in clear-text. Prefer using `authorization`.* -Deprecated: this will be removed in a future release. - | `bearerTokenFile` | `string` -| File from which to read bearer token for the URL. +| bearerTokenFile defines the file from which to read bearer token for the URL. Deprecated: this will be removed in a future release. Prefer using `authorization`. | `enableHTTP2` | `boolean` -| Whether to enable HTTP2. +| enableHTTP2 defines whether to enable HTTP2. | `followRedirects` | `boolean` -| Configure whether HTTP requests follow HTTP 3xx redirects. +| followRedirects defines whether HTTP requests follow HTTP 3xx redirects. It requires Prometheus >= v2.26.0 or Thanos >= v0.24.0. | `headers` | `object (string)` -| Custom HTTP headers to be sent along with each remote write request. +| headers defines the custom HTTP headers to be sent along with each remote write request. Be aware that headers that are set by Prometheus itself can't be overwritten. It requires Prometheus >= v2.25.0 or Thanos >= v0.24.0. | `messageVersion` | `string` -| The Remote Write message's version to use when writing to the endpoint. +| messageVersion defines the Remote Write message's version to use when writing to the endpoint. `Version1.0` corresponds to the `prometheus.WriteRequest` protobuf message introduced in Remote Write 1.0. `Version2.0` corresponds to the `io.prometheus.write.v2.Request` protobuf message introduced in Remote Write 2.0. 
@@ -11787,18 +12118,18 @@ It requires Prometheus >= v2.54.0 or Thanos >= v0.37.0. | `metadataConfig` | `object` -| MetadataConfig configures the sending of series metadata to the remote storage. +| metadataConfig defines how to send a series metadata to the remote storage. | `name` | `string` -| The name of the remote write queue, it must be unique if specified. The +| name of the remote write queue, it must be unique if specified. The name is used in metrics and logging in order to differentiate queues. It requires Prometheus >= v2.15.0 or Thanos >= 0.24.0. | `noProxy` | `string` -| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names +| noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. @@ -11806,7 +12137,7 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `oauth2` | `object` -| OAuth2 configuration for the URL. +| oauth2 configuration for the URL. It requires Prometheus >= v2.27.0 or Thanos >= v0.24.0. @@ -11814,14 +12145,14 @@ Cannot be set at the same time as `sigv4`, `authorization`, `basicAuth`, or `azu | `proxyConnectHeader` | `object` -| ProxyConnectHeader optionally specifies headers to send to +| proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyConnectHeader{}` | `array` -| +| | `proxyConnectHeader{}[]` | `object` 
@@ -11829,40 +12160,42 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyFromEnvironment` | `boolean` -| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). +| proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyUrl` | `string` -| `proxyURL` defines the HTTP proxy server to use. +| proxyUrl defines the HTTP proxy server to use. | `queueConfig` | `object` -| QueueConfig allows tuning of the remote write queue parameters. +| queueConfig allows tuning of the remote write queue parameters. | `remoteTimeout` | `string` -| Timeout for requests to the remote write endpoint. +| remoteTimeout defines the timeout for requests to the remote write endpoint. | `roundRobinDNS` | `boolean` -| When enabled: - - The remote-write mechanism will resolve the hostname via DNS. - - It will randomly select one of the resolved IP addresses and connect to it. +| roundRobinDNS controls the DNS resolution behavior for remote-write connections. +When enabled: + - The remote-write mechanism will resolve the hostname via DNS. + - It will randomly select one of the resolved IP addresses and connect to it. When disabled (default behavior): - - The Go standard library will handle hostname resolution. - - It will attempt connections to each resolved IP address sequentially. + - The Go standard library will handle hostname resolution. + - It will attempt connections to each resolved IP address sequentially. Note: The connection timeout applies to the entire resolution and connection process. - If disabled, the timeout is distributed across all connection attempts. + + If disabled, the timeout is distributed across all connection attempts. It requires Prometheus >= v3.1.0 or Thanos >= v0.38.0. 
| `sendExemplars` | `boolean` -| Enables sending of exemplars over remote write. Note that +| sendExemplars enables sending of exemplars over remote write. Note that exemplar-storage itself must be enabled using the `spec.enableFeatures` option for exemplars to be scraped in the first place. @@ -11870,14 +12203,14 @@ It requires Prometheus >= v2.27.0 or Thanos >= v0.24.0. | `sendNativeHistograms` | `boolean` -| Enables sending of native histograms, also known as sparse histograms +| sendNativeHistograms enables sending of native histograms, also known as sparse histograms over remote write. It requires Prometheus >= v2.40.0 or Thanos >= v0.30.0. | `sigv4` | `object` -| Sigv4 allows to configures AWS's Signature Verification 4 for the URL. +| sigv4 defines the AWS's Signature Verification 4 for the URL. It requires Prometheus >= v2.26.0 or Thanos >= v0.24.0. @@ -11885,15 +12218,15 @@ Cannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `az | `tlsConfig` | `object` -| TLS Config to use for the URL. +| tlsConfig to use for the URL. | `url` | `string` -| The URL of the endpoint to send samples to. +| url defines the URL of the endpoint to send samples to. | `writeRelabelConfigs` | `array` -| The list of remote write relabel configurations. +| writeRelabelConfigs defines the list of remote write relabel configurations. | `writeRelabelConfigs[]` | `object` @@ -11907,7 +12240,7 @@ More info: https://prometheus.io/docs/prometheus/latest/configuration/configurat Description:: + -- -Authorization section for the URL. +authorization section for the URL. It requires Prometheus >= v2.26.0 or Thanos >= v0.24.0. 
@@ -11926,15 +12259,15 @@ Type:: | `credentials` | `object` -| Selects a key of a Secret in the namespace that contains the credentials for authentication. +| credentials defines a key of a Secret in the namespace that contains the credentials for authentication. | `credentialsFile` | `string` -| File to read a secret from, mutually exclusive with `credentials`. +| credentialsFile defines the file to read a secret from, mutually exclusive with `credentials`. | `type` | `string` -| Defines the authentication type. The value is case-insensitive. +| type defines the authentication type. The value is case-insensitive. "Basic" is not a supported value. @@ -11945,7 +12278,7 @@ Default: "Bearer" Description:: + -- -Selects a key of a Secret in the namespace that contains the credentials for authentication. +credentials defines a key of a Secret in the namespace that contains the credentials for authentication. -- Type:: @@ -11981,7 +12314,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -AzureAD for the URL. +azureAd for the URL. It requires Prometheus >= v2.45.0 or Thanos >= v0.31.0. 
@@ -12000,23 +12333,23 @@ Type:: | `cloud` | `string` -| The Azure Cloud. Options are 'AzurePublic', 'AzureChina', or 'AzureGovernment'. +| cloud defines the Azure Cloud. Options are 'AzurePublic', 'AzureChina', or 'AzureGovernment'. | `managedIdentity` | `object` -| ManagedIdentity defines the Azure User-assigned Managed identity. +| managedIdentity defines the Azure User-assigned Managed identity. Cannot be set at the same time as `oauth` or `sdk`. | `oauth` | `object` -| OAuth defines the oauth config that is being used to authenticate. +| oauth defines the oauth config that is being used to authenticate. Cannot be set at the same time as `managedIdentity` or `sdk`. It requires Prometheus >= v2.48.0 or Thanos >= v0.31.0. | `sdk` | `object` -| SDK defines the Azure SDK config that is being used to authenticate. +| sdk defines the Azure SDK config that is being used to authenticate. See https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication Cannot be set at the same time as `oauth` or `managedIdentity`. @@ -12027,7 +12360,7 @@ It requires Prometheus >= v2.52.0 or Thanos >= v0.36.0. Description:: + -- -ManagedIdentity defines the Azure User-assigned Managed identity. +managedIdentity defines the Azure User-assigned Managed identity. Cannot be set at the same time as `oauth` or `sdk`. -- @@ -12045,14 +12378,14 @@ Required:: | `clientId` | `string` -| The client id +| clientId defines defines the Azure User-assigned Managed identity. |=== === .spec.remoteWrite[].azureAd.oauth Description:: + -- -OAuth defines the oauth config that is being used to authenticate. +oauth defines the oauth config that is being used to authenticate. Cannot be set at the same time as `managedIdentity` or `sdk`. It requires Prometheus >= v2.48.0 or Thanos >= v0.31.0. 
@@ -12074,22 +12407,22 @@ Required:: | `clientId` | `string` -| `clientID` is the clientId of the Azure Active Directory application that is being used to authenticate. +| clientId defines the clientId of the Azure Active Directory application that is being used to authenticate. | `clientSecret` | `object` -| `clientSecret` specifies a key of a Secret containing the client secret of the Azure Active Directory application that is being used to authenticate. +| clientSecret specifies a key of a Secret containing the client secret of the Azure Active Directory application that is being used to authenticate. | `tenantId` | `string` -| `tenantId` is the tenant ID of the Azure Active Directory application that is being used to authenticate. +| tenantId is the tenant ID of the Azure Active Directory application that is being used to authenticate. |=== === .spec.remoteWrite[].azureAd.oauth.clientSecret Description:: + -- -`clientSecret` specifies a key of a Secret containing the client secret of the Azure Active Directory application that is being used to authenticate. +clientSecret specifies a key of a Secret containing the client secret of the Azure Active Directory application that is being used to authenticate. -- Type:: @@ -12125,7 +12458,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -SDK defines the Azure SDK config that is being used to authenticate. +sdk defines the Azure SDK config that is being used to authenticate. See https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication Cannot be set at the same time as `oauth` or `managedIdentity`. 
@@ -12144,14 +12477,14 @@ Type:: | `tenantId` | `string` -| `tenantId` is the tenant ID of the azure active directory application that is being used to authenticate. +| tenantId defines the tenant ID of the azure active directory application that is being used to authenticate. |=== === .spec.remoteWrite[].basicAuth Description:: + -- -BasicAuth configuration for the URL. +basicAuth configuration for the URL. Cannot be set at the same time as `sigv4`, `authorization`, `oauth2`, or `azureAd`. -- @@ -12168,12 +12501,12 @@ Type:: | `password` | `object` -| `password` specifies a key of a Secret containing the password for +| password defines a key of a Secret containing the password for authentication. | `username` | `object` -| `username` specifies a key of a Secret containing the username for +| username defines a key of a Secret containing the username for authentication. |=== @@ -12181,7 +12514,7 @@ authentication. Description:: + -- -`password` specifies a key of a Secret containing the password for +password defines a key of a Secret containing the password for authentication. -- @@ -12218,7 +12551,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`username` specifies a key of a Secret containing the username for +username defines a key of a Secret containing the username for authentication. -- @@ -12255,7 +12588,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -MetadataConfig configures the sending of series metadata to the remote storage. +metadataConfig defines how to send a series metadata to the remote storage. -- Type:: 
@@ -12270,24 +12603,24 @@ Type:: | `maxSamplesPerSend` | `integer` -| MaxSamplesPerSend is the maximum number of metadata samples per send. +| maxSamplesPerSend defines the maximum number of metadata samples per send. It requires Prometheus >= v2.29.0. | `send` | `boolean` -| Defines whether metric metadata is sent to the remote storage or not. +| send defines whether metric metadata is sent to the remote storage or not. | `sendInterval` | `string` -| Defines how frequently metric metadata is sent to the remote storage. +| sendInterval defines how frequently metric metadata is sent to the remote storage. |=== === .spec.remoteWrite[].oauth2 Description:: + -- -OAuth2 configuration for the URL. +oauth2 configuration for the URL. It requires Prometheus >= v2.27.0 or Thanos >= v0.24.0. @@ -12310,22 +12643,22 @@ Required:: | `clientId` | `object` -| `clientId` specifies a key of a Secret or ConfigMap containing the +| clientId defines a key of a Secret or ConfigMap containing the OAuth2 client's ID. | `clientSecret` | `object` -| `clientSecret` specifies a key of a Secret containing the OAuth2 +| clientSecret defines a key of a Secret containing the OAuth2 client's secret. | `endpointParams` | `object (string)` -| `endpointParams` configures the HTTP parameters to append to the token +| endpointParams configures the HTTP parameters to append to the token URL. | `noProxy` | `string` -| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names +| noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. 
@@ -12333,14 +12666,14 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyConnectHeader` | `object` -| ProxyConnectHeader optionally specifies headers to send to +| proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyConnectHeader{}` | `array` -| +| | `proxyConnectHeader{}[]` | `object` @@ -12348,33 +12681,33 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyFromEnvironment` | `boolean` -| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). +| proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyUrl` | `string` -| `proxyURL` defines the HTTP proxy server to use. +| proxyUrl defines the HTTP proxy server to use. | `scopes` | `array (string)` -| `scopes` defines the OAuth2 scopes used for the token request. +| scopes defines the OAuth2 scopes used for the token request. | `tlsConfig` | `object` -| TLS configuration to use when connecting to the OAuth2 server. +| tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. It requires Prometheus >= v2.43.0. | `tokenUrl` | `string` -| `tokenURL` configures the URL to fetch the token from. +| tokenUrl defines the URL to fetch the token from. |=== === .spec.remoteWrite[].oauth2.clientId Description:: + -- -`clientId` specifies a key of a Secret or ConfigMap containing the +clientId defines a key of a Secret or ConfigMap containing the OAuth2 client's ID. -- 
@@ -12390,18 +12723,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.remoteWrite[].oauth2.clientId.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -12437,7 +12770,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -12473,7 +12806,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`clientSecret` specifies a key of a Secret containing the OAuth2 +clientSecret defines a key of a Secret containing the OAuth2 client's secret. -- @@ -12510,7 +12843,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -ProxyConnectHeader optionally specifies headers to send to +proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -12575,7 +12908,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -TLS configuration to use when connecting to the OAuth2 server. +tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. It requires Prometheus >= v2.43.0. -- 
@@ -12591,42 +12924,42 @@ Type:: | `ca` | `object` -| Certificate authority used when verifying server certificates. +| ca defines the Certificate authority used when verifying server certificates. | `cert` | `object` -| Client certificate to present when doing client-authentication. +| cert defines the Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` -| Disable target certificate validation. +| insecureSkipVerify defines how to disable target certificate validation. | `keySecret` | `object` -| Secret containing the client key file for the targets. +| keySecret defines the Secret containing the client key file for the targets. | `maxVersion` | `string` -| Maximum acceptable TLS version. +| maxVersion defines the maximum acceptable TLS version. It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. | `minVersion` | `string` -| Minimum acceptable TLS version. +| minVersion defines the minimum acceptable TLS version. It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. | `serverName` | `string` -| Used to verify the hostname for the targets. +| serverName is used to verify the hostname for the targets. |=== === .spec.remoteWrite[].oauth2.tlsConfig.ca Description:: + -- -Certificate authority used when verifying server certificates. +ca defines the Certificate authority used when verifying server certificates. -- Type:: @@ -12641,18 +12974,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.remoteWrite[].oauth2.tlsConfig.ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: 
@@ -12688,7 +13021,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -12724,7 +13057,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Client certificate to present when doing client-authentication. +cert defines the Client certificate to present when doing client-authentication. -- Type:: @@ -12739,18 +13072,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.remoteWrite[].oauth2.tlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -12786,7 +13119,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -12822,7 +13155,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the client key file for the targets. +keySecret defines the Secret containing the client key file for the targets. -- Type:: @@ -12858,7 +13191,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -ProxyConnectHeader optionally specifies headers to send to +proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. 
@@ -12923,7 +13256,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -QueueConfig allows tuning of the remote write queue parameters. +queueConfig allows tuning of the remote write queue parameters. -- Type:: 
@@ -12938,47 +13271,47 @@ Type:: | `batchSendDeadline` | `string` -| BatchSendDeadline is the maximum time a sample will wait in buffer. +| batchSendDeadline defines the maximum time a sample will wait in buffer. | `capacity` | `integer` -| Capacity is the number of samples to buffer per shard before we start +| capacity defines the number of samples to buffer per shard before we start dropping them. | `maxBackoff` | `string` -| MaxBackoff is the maximum retry delay. +| maxBackoff defines the maximum retry delay. | `maxRetries` | `integer` -| MaxRetries is the maximum number of times to retry a batch on recoverable errors. +| maxRetries defines the maximum number of times to retry a batch on recoverable errors. | `maxSamplesPerSend` | `integer` -| MaxSamplesPerSend is the maximum number of samples per send. +| maxSamplesPerSend defines the maximum number of samples per send. | `maxShards` | `integer` -| MaxShards is the maximum number of shards, i.e. amount of concurrency. +| maxShards defines the maximum number of shards, i.e. amount of concurrency. | `minBackoff` | `string` -| MinBackoff is the initial retry delay. Gets doubled for every retry. +| minBackoff defines the initial retry delay. Gets doubled for every retry. | `minShards` | `integer` -| MinShards is the minimum number of shards, i.e. amount of concurrency. +| minShards defines the minimum number of shards, i.e. amount of concurrency. | `retryOnRateLimit` | `boolean` -| Retry upon receiving a 429 status code from the remote-write storage. +| retryOnRateLimit defines the retry upon receiving a 429 status code from the remote-write storage. This is an *experimental feature*, it may change in any upcoming release in a breaking way. | `sampleAgeLimit` | `string` -| SampleAgeLimit drops samples older than the limit. +| sampleAgeLimit drops samples older than the limit. It requires Prometheus >= v2.50.0 or Thanos >= v0.32.0. |=== 
@@ -12986,7 +13319,7 @@ It requires Prometheus >= v2.50.0 or Thanos >= v0.32.0. Description:: + -- -Sigv4 allows to configures AWS's Signature Verification 4 for the URL. +sigv4 defines the AWS's Signature Verification 4 for the URL. It requires Prometheus >= v2.26.0 or Thanos >= v0.24.0. @@ -13005,32 +13338,37 @@ Type:: | `accessKey` | `object` -| AccessKey is the AWS API key. If not specified, the environment variable +| accessKey defines the AWS API key. If not specified, the environment variable `AWS_ACCESS_KEY_ID` is used. | `profile` | `string` -| Profile is the named AWS profile used to authenticate. +| profile defines the named AWS profile used to authenticate. | `region` | `string` -| Region is the AWS region. If blank, the region from the default credentials chain used. +| region defines the AWS region. If blank, the region from the default credentials chain used. | `roleArn` | `string` -| RoleArn is the named AWS profile used to authenticate. +| roleArn defines the named AWS profile used to authenticate. | `secretKey` | `object` -| SecretKey is the AWS API secret. If not specified, the environment +| secretKey defines the AWS API secret. If not specified, the environment variable `AWS_SECRET_ACCESS_KEY` is used. +| `useFIPSSTSEndpoint` +| `boolean` +| useFIPSSTSEndpoint defines FIPS mode for AWS STS endpoint. +It requires Prometheus >= v2.54.0. + |=== === .spec.remoteWrite[].sigv4.accessKey Description:: + -- -AccessKey is the AWS API key. If not specified, the environment variable +accessKey defines the AWS API key. If not specified, the environment variable `AWS_ACCESS_KEY_ID` is used. -- @@ -13067,7 +13405,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -SecretKey is the AWS API secret. If not specified, the environment +secretKey defines the AWS API secret. If not specified, the environment variable `AWS_SECRET_ACCESS_KEY` is used. -- 
@@ -13104,7 +13442,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -TLS Config to use for the URL. +tlsConfig to use for the URL. -- Type:: 
@@ -13119,54 +13457,54 @@ Type:: | `ca` | `object` -| Certificate authority used when verifying server certificates. +| ca defines the Certificate authority used when verifying server certificates. | `caFile` | `string` -| Path to the CA cert in the Prometheus container to use for the targets. +| caFile defines the path to the CA cert in the Prometheus container to use for the targets. | `cert` | `object` -| Client certificate to present when doing client-authentication. +| cert defines the Client certificate to present when doing client-authentication. | `certFile` | `string` -| Path to the client cert file in the Prometheus container for the targets. +| certFile defines the path to the client cert file in the Prometheus container for the targets. | `insecureSkipVerify` | `boolean` -| Disable target certificate validation. +| insecureSkipVerify defines how to disable target certificate validation. | `keyFile` | `string` -| Path to the client key file in the Prometheus container for the targets. +| keyFile defines the path to the client key file in the Prometheus container for the targets. | `keySecret` | `object` -| Secret containing the client key file for the targets. +| keySecret defines the Secret containing the client key file for the targets. | `maxVersion` | `string` -| Maximum acceptable TLS version. +| maxVersion defines the maximum acceptable TLS version. It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. | `minVersion` | `string` -| Minimum acceptable TLS version. +| minVersion defines the minimum acceptable TLS version. It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. | `serverName` | `string` -| Used to verify the hostname for the targets. +| serverName is used to verify the hostname for the targets. |=== === .spec.remoteWrite[].tlsConfig.ca Description:: + -- -Certificate authority used when verifying server certificates. +ca defines the Certificate authority used when verifying server certificates. -- Type:: 
@@ -13181,18 +13519,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.remoteWrite[].tlsConfig.ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -13228,7 +13566,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -13264,7 +13602,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Client certificate to present when doing client-authentication. +cert defines the Client certificate to present when doing client-authentication. -- Type:: @@ -13279,18 +13617,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.remoteWrite[].tlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -13326,7 +13664,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: 
@@ -13362,7 +13700,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the client key file for the targets. +keySecret defines the Secret containing the client key file for the targets. -- Type:: @@ -13398,7 +13736,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -The list of remote write relabel configurations. +writeRelabelConfigs defines the list of remote write relabel configurations. -- Type:: @@ -13429,7 +13767,7 @@ Type:: | `action` | `string` -| Action to perform based on the regex matching. +| action to perform based on the regex matching. `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. 
@@ -13438,34 +13776,34 @@ Default: "Replace" | `modulus` | `integer` -| Modulus to take of the hash of the source label values. +| modulus to take of the hash of the source label values. Only applicable when the action is `HashMod`. | `regex` | `string` -| Regular expression against which the extracted value is matched. +| regex defines the regular expression against which the extracted value is matched. | `replacement` | `string` -| Replacement value against which a Replace action is performed if the +| replacement value against which a Replace action is performed if the regular expression matches. Regex capture groups are available. | `separator` | `string` -| Separator is the string between concatenated SourceLabels. +| separator defines the string between concatenated SourceLabels. | `sourceLabels` | `array (string)` -| The source labels select values from existing labels. Their content is +| sourceLabels defines the source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression. | `targetLabel` | `string` -| Label to which the resulting string is written in a replacement. +| targetLabel defines the label to which the resulting string is written in a replacement. It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. @@ -13477,7 +13815,7 @@ Regex capture groups are available. Description:: + -- -Defines the resources requests and limits of the 'prometheus' container. +resources defines the resources requests and limits of the 'prometheus' container. -- Type:: @@ -13495,7 +13833,7 @@ Type:: | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. 
@@ -13524,7 +13862,7 @@ Description:: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -13572,7 +13910,7 @@ only the result of this request. Description:: + -- -Namespaces to match for PrometheusRule discovery. An empty label selector +ruleNamespaceSelector defines the namespaces to match for PrometheusRule discovery. An empty label selector matches all namespaces. A null label selector matches the current namespace only. -- @@ -13658,7 +13996,7 @@ merge patch. Description:: + -- -PrometheusRule objects to be selected for rule evaluation. An empty +ruleSelector defines the prometheusRule objects to be selected for rule evaluation. An empty label selector matches all objects. A null label selector matches no objects. -- @@ -13744,7 +14082,7 @@ merge patch. Description:: + -- -Defines the configuration of the Prometheus rules' engine. +rules defines the configuration of the Prometheus rules' engine. -- Type:: @@ -13759,7 +14097,7 @@ Type:: | `alert` | `object` -| Defines the parameters of the Prometheus rules' engine. +| alert defines the parameters of the Prometheus rules' engine. Any update to these parameters trigger a restart of the pods. @@ -13768,7 +14106,7 @@ Any update to these parameters trigger a restart of the pods. Description:: + -- -Defines the parameters of the Prometheus rules' engine. +alert defines the parameters of the Prometheus rules' engine. Any update to these parameters trigger a restart of the pods. -- 
@@ -13785,19 +14123,19 @@ Type:: | `forGracePeriod` | `string` -| Minimum duration between alert and restored 'for' state. +| forGracePeriod defines the minimum duration between alert and restored 'for' state. This is maintained only for alerts with a configured 'for' time greater than the grace period. | `forOutageTolerance` | `string` -| Max time to tolerate prometheus outage for restoring 'for' state of +| forOutageTolerance defines the max time to tolerate prometheus outage for restoring 'for' state of alert. | `resendDelay` | `string` -| Minimum amount of time to wait before resending an alert to +| resendDelay defines the minimum amount of time to wait before resending an alert to Alertmanager. |=== @@ -13805,7 +14143,7 @@ Alertmanager. Description:: + -- -RuntimeConfig configures the values for the Prometheus process behavior +runtime defines the values for the Prometheus process behavior -- Type:: @@ -13820,7 +14158,7 @@ Type:: | `goGC` | `integer` -| The Go garbage collection target percentage. Lowering this number may increase the CPU usage. +| goGC defines the Go garbage collection target percentage. Lowering this number may increase the CPU usage. See: https://tip.golang.org/doc/gc-guide#GOGC |=== @@ -13828,7 +14166,7 @@ See: https://tip.golang.org/doc/gc-guide#GOGC Description:: + -- -List of scrape classes to expose to scraping objects such as +scrapeClasses defines the list of scrape classes to expose to scraping objects such as PodMonitors, ServiceMonitors, Probes and ScrapeConfigs. This is an *experimental feature*, it may change in any upcoming release 
@@ -13862,32 +14200,32 @@ Required:: | `attachMetadata` | `object` -| AttachMetadata configures additional metadata to the discovered targets. +| attachMetadata defines additional metadata to the discovered targets. When the scrape object defines its own configuration, it takes precedence over the scrape class configuration. | `authorization` | `object` -| Authorization section for the ScrapeClass. +| authorization section for the ScrapeClass. It will only apply if the scrape resource doesn't specify any Authorization. | `default` | `boolean` -| Default indicates that the scrape applies to all scrape objects that +| default defines that the scrape applies to all scrape objects that don't configure an explicit scrape class name. Only one scrape class can be set as the default. | `fallbackScrapeProtocol` | `string` -| The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. +| fallbackScrapeProtocol defines the protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol It requires Prometheus >= v3.0.0. | `metricRelabelings` | `array` -| MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. +| metricRelabelings defines the relabeling rules to apply to all samples before ingestion. The Operator adds the scrape class metric relabelings defined here. Then the Operator adds the target-specific metric relabelings defined in ServiceMonitors, PodMonitors, Probes and ScrapeConfigs. 
@@ -13904,14 +14242,14 @@ More info: https://prometheus.io/docs/prometheus/latest/configuration/configurat | `name` | `string` -| Name of the scrape class. +| name of the scrape class. | `relabelings` | `array` -| Relabelings configures the relabeling rules to apply to all scrape targets. +| relabelings defines the relabeling rules to apply to all scrape targets. The Operator automatically adds relabelings for a few standard Kubernetes fields -like `\__meta_kubernetes_namespace` and `\__meta_kubernetes_service_name`. +like `__meta_kubernetes_namespace` and `__meta_kubernetes_service_name`. Then the Operator adds the scrape class relabelings defined here. Then the Operator adds the target-specific relabelings defined in the scrape object. @@ -13926,7 +14264,7 @@ More info: https://prometheus.io/docs/prometheus/latest/configuration/configurat | `tlsConfig` | `object` -| TLSConfig defines the TLS settings to use for the scrape. When the +| tlsConfig defines the TLS settings to use for the scrape. When the scrape objects define their own CA, certificate and/or key, they take precedence over the corresponding scrape class fields. @@ -13937,7 +14275,7 @@ For now only the `caFile`, `certFile` and `keyFile` fields are supported. Description:: + -- -AttachMetadata configures additional metadata to the discovered targets. +attachMetadata defines additional metadata to the discovered targets. When the scrape object defines its own configuration, it takes precedence over the scrape class configuration. -- @@ -13954,7 +14292,7 @@ Type:: | `node` | `boolean` -| When set to true, Prometheus attaches node metadata to the discovered +| node when set to true, Prometheus attaches node metadata to the discovered targets. The Prometheus service account must have the `list` and `watch` 
@@ -13965,7 +14303,7 @@ permissions on the `Nodes` objects. Description:: + -- -Authorization section for the ScrapeClass. +authorization section for the ScrapeClass. It will only apply if the scrape resource doesn't specify any Authorization. -- @@ -13981,15 +14319,15 @@ Type:: | `credentials` | `object` -| Selects a key of a Secret in the namespace that contains the credentials for authentication. +| credentials defines a key of a Secret in the namespace that contains the credentials for authentication. | `credentialsFile` | `string` -| File to read a secret from, mutually exclusive with `credentials`. +| credentialsFile defines the file to read a secret from, mutually exclusive with `credentials`. | `type` | `string` -| Defines the authentication type. The value is case-insensitive. +| type defines the authentication type. The value is case-insensitive. "Basic" is not a supported value. @@ -14000,7 +14338,7 @@ Default: "Bearer" Description:: + -- -Selects a key of a Secret in the namespace that contains the credentials for authentication. +credentials defines a key of a Secret in the namespace that contains the credentials for authentication. -- Type:: @@ -14036,7 +14374,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. +metricRelabelings defines the relabeling rules to apply to all samples before ingestion. The Operator adds the scrape class metric relabelings defined here. Then the Operator adds the target-specific metric relabelings defined in ServiceMonitors, PodMonitors, Probes and ScrapeConfigs. @@ -14073,7 +14411,7 @@ Type:: | `action` | `string` -| Action to perform based on the regex matching. +| action to perform based on the regex matching. `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. 
@@ -14082,34 +14420,34 @@ Default: "Replace" | `modulus` | `integer` -| Modulus to take of the hash of the source label values. +| modulus to take of the hash of the source label values. Only applicable when the action is `HashMod`. | `regex` | `string` -| Regular expression against which the extracted value is matched. +| regex defines the regular expression against which the extracted value is matched. | `replacement` | `string` -| Replacement value against which a Replace action is performed if the +| replacement value against which a Replace action is performed if the regular expression matches. Regex capture groups are available. | `separator` | `string` -| Separator is the string between concatenated SourceLabels. +| separator defines the string between concatenated SourceLabels. | `sourceLabels` | `array (string)` -| The source labels select values from existing labels. Their content is +| sourceLabels defines the source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression. | `targetLabel` | `string` -| Label to which the resulting string is written in a replacement. +| targetLabel defines the label to which the resulting string is written in a replacement. It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. 
@@ -14121,10 +14459,10 @@ Regex capture groups are available. Description:: + -- -Relabelings configures the relabeling rules to apply to all scrape targets. +relabelings defines the relabeling rules to apply to all scrape targets. The Operator automatically adds relabelings for a few standard Kubernetes fields -like `\__meta_kubernetes_namespace` and `\__meta_kubernetes_service_name`. +like `__meta_kubernetes_namespace` and `__meta_kubernetes_service_name`. Then the Operator adds the scrape class relabelings defined here. Then the Operator adds the target-specific relabelings defined in the scrape object. @@ -14159,7 +14497,7 @@ Type:: | `action` | `string` -| Action to perform based on the regex matching. +| action to perform based on the regex matching. `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. 
@@ -14168,34 +14506,34 @@ Default: "Replace" | `modulus` | `integer` -| Modulus to take of the hash of the source label values. +| modulus to take of the hash of the source label values. Only applicable when the action is `HashMod`. | `regex` | `string` -| Regular expression against which the extracted value is matched. +| regex defines the regular expression against which the extracted value is matched. | `replacement` | `string` -| Replacement value against which a Replace action is performed if the +| replacement value against which a Replace action is performed if the regular expression matches. Regex capture groups are available. | `separator` | `string` -| Separator is the string between concatenated SourceLabels. +| separator defines the string between concatenated SourceLabels. | `sourceLabels` | `array (string)` -| The source labels select values from existing labels. Their content is +| sourceLabels defines the source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression. | `targetLabel` | `string` -| Label to which the resulting string is written in a replacement. +| targetLabel defines the label to which the resulting string is written in a replacement. It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. @@ -14207,7 +14545,7 @@ Regex capture groups are available. Description:: + -- -TLSConfig defines the TLS settings to use for the scrape. When the +tlsConfig defines the TLS settings to use for the scrape. When the scrape objects define their own CA, certificate and/or key, they take precedence over the corresponding scrape class fields. 
@@ -14226,54 +14564,54 @@ Type:: | `ca` | `object` -| Certificate authority used when verifying server certificates. +| ca defines the Certificate authority used when verifying server certificates. | `caFile` | `string` -| Path to the CA cert in the Prometheus container to use for the targets. +| caFile defines the path to the CA cert in the Prometheus container to use for the targets. | `cert` | `object` -| Client certificate to present when doing client-authentication. +| cert defines the Client certificate to present when doing client-authentication. | `certFile` | `string` -| Path to the client cert file in the Prometheus container for the targets. +| certFile defines the path to the client cert file in the Prometheus container for the targets. | `insecureSkipVerify` | `boolean` -| Disable target certificate validation. +| insecureSkipVerify defines how to disable target certificate validation. | `keyFile` | `string` -| Path to the client key file in the Prometheus container for the targets. +| keyFile defines the path to the client key file in the Prometheus container for the targets. | `keySecret` | `object` -| Secret containing the client key file for the targets. +| keySecret defines the Secret containing the client key file for the targets. | `maxVersion` | `string` -| Maximum acceptable TLS version. +| maxVersion defines the maximum acceptable TLS version. It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. | `minVersion` | `string` -| Minimum acceptable TLS version. +| minVersion defines the minimum acceptable TLS version. It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. | `serverName` | `string` -| Used to verify the hostname for the targets. +| serverName is used to verify the hostname for the targets. |=== === .spec.scrapeClasses[].tlsConfig.ca Description:: + -- -Certificate authority used when verifying server certificates. +ca defines the Certificate authority used when verifying server certificates. -- Type:: 
@@ -14288,18 +14626,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.scrapeClasses[].tlsConfig.ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -14335,7 +14673,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -14371,7 +14709,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Client certificate to present when doing client-authentication. +cert defines the Client certificate to present when doing client-authentication. -- Type:: @@ -14386,18 +14724,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.scrapeClasses[].tlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -14433,7 +14771,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: 
@@ -14469,7 +14807,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the client key file for the targets. +keySecret defines the Secret containing the client key file for the targets. -- Type:: @@ -14505,7 +14843,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Namespaces to match for ScrapeConfig discovery. An empty label selector +scrapeConfigNamespaceSelector defines the namespaces to match for ScrapeConfig discovery. An empty label selector matches all namespaces. A null label selector matches the current namespace only. @@ -14593,7 +14931,7 @@ merge patch. Description:: + -- -ScrapeConfigs to be selected for target discovery. An empty label +scrapeConfigSelector defines the scrapeConfigs to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` @@ -14689,7 +15027,7 @@ merge patch. Description:: + -- -SecurityContext holds pod-level security attributes and common container settings. +securityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. -- @@ -15041,7 +15379,7 @@ PodSecurityContext, the value specified in SecurityContext takes precedence. Description:: + -- -Namespaces to match for ServicedMonitors discovery. An empty label selector +serviceMonitorNamespaceSelector defines the namespaces to match for ServicedMonitors discovery. An empty label selector matches all namespaces. A null label selector (default value) matches the current namespace only. -- 
@@ -15127,7 +15465,7 @@ merge patch. Description:: + -- -ServiceMonitors to be selected for target discovery. An empty label +serviceMonitorSelector defines the serviceMonitors to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` @@ -15221,7 +15559,7 @@ merge patch. Description:: + -- -ShardRetentionPolicy defines the retention policy for the Prometheus shards. +shardRetentionPolicy defines the retention policy for the Prometheus shards. (Alpha) Using this field requires the 'PrometheusShardRetentionPolicy' feature gate to be enabled. The final goals for this feature can be seen at https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/proposals/202310-shard-autoscaling.md#graceful-scale-down-of-prometheus-servers, @@ -15241,12 +15579,12 @@ Type:: | `retain` | `object` -| Defines the config for retention when the retention policy is set to `Retain`. +| retain defines the config for retention when the retention policy is set to `Retain`. This field is ineffective as of now. | `whenScaled` | `string` -| Defines the retention policy when the Prometheus shards are scaled down. +| whenScaled defines the retention policy when the Prometheus shards are scaled down. * `Delete`, the operator will delete the pods from the scaled-down shard(s). * `Retain`, the operator will keep the pods from the scaled-down shard(s), so the data can still be queried. @@ -15257,7 +15595,7 @@ If not defined, the operator assumes the `Delete` value. Description:: + -- -Defines the config for retention when the retention policy is set to `Retain`. +retain defines the config for retention when the retention policy is set to `Retain`. This field is ineffective as of now. -- 
@@ -15275,16 +15613,14 @@ Required:: | `retentionPeriod` | `string` -| Duration is a valid time duration that can be parsed by Prometheus model.ParseDuration() function. -Supported units: y, w, d, h, m, s, ms -Examples: `30s`, `1m`, `1h20m15s`, `15d` +| retentionPeriod defines the retentionPeriod for shard retention policy. |=== === .spec.storage Description:: + -- -Storage defines the storage used by Prometheus. +storage defines the storage used by Prometheus. -- Type:: @@ -15299,24 +15635,24 @@ Type:: | `disableMountSubPath` | `boolean` -| Deprecated: subPath usage will be removed in a future release. +| disableMountSubPath deprecated: subPath usage will be removed in a future release. | `emptyDir` | `object` -| EmptyDirVolumeSource to be used by the StatefulSet. +| emptyDir to be used by the StatefulSet. If specified, it takes precedence over `ephemeral` and `volumeClaimTemplate`. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir | `ephemeral` | `object` -| EphemeralVolumeSource to be used by the StatefulSet. +| ephemeral to be used by the StatefulSet. This is a beta field in k8s 1.21 and GA in 1.15. For lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes | `volumeClaimTemplate` | `object` -| Defines the PVC spec to be used by the Prometheus StatefulSets. +| volumeClaimTemplate defines the PVC spec to be used by the Prometheus StatefulSets. The easiest way to use a volume that cannot be automatically provisioned is to use a label selector alongside manually created PersistentVolumes. 
@@ -15325,7 +15661,7 @@ is to use a label selector alongside manually created PersistentVolumes. Description:: + -- -EmptyDirVolumeSource to be used by the StatefulSet. +emptyDir to be used by the StatefulSet. If specified, it takes precedence over `ephemeral` and `volumeClaimTemplate`. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir -- @@ -15361,7 +15697,7 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir Description:: + -- -EphemeralVolumeSource to be used by the StatefulSet. +ephemeral to be used by the StatefulSet. This is a beta field in k8s 1.21 and GA in 1.15. For lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes 
@@ -15554,15 +15890,13 @@ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class- | volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, -it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass -will be applied to the claim but it's not allowed to reset this field to empty string once it is set. -If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass -will be set by the persistentvolume controller if it exists. +it can be changed after the claim is created. An empty string or nil value indicates that no +VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, +this field can be reset to its previous value (including nil) to cancel the modification. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ -(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). | `volumeMode` | `string` @@ -15801,7 +16135,7 @@ merge patch. Description:: + -- -Defines the PVC spec to be used by the Prometheus StatefulSets. +volumeClaimTemplate defines the PVC spec to be used by the Prometheus StatefulSets. The easiest way to use a volume that cannot be automatically provisioned is to use a label selector alongside manually created PersistentVolumes. -- 
@@ -15833,23 +16167,23 @@ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api- | `metadata` | `object` -| EmbeddedMetadata contains metadata relevant to an EmbeddedResource. +| metadata defines EmbeddedMetadata contains metadata relevant to an EmbeddedResource. | `spec` | `object` -| Defines the desired characteristics of a volume requested by a pod author. +| spec defines the specification of the characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims | `status` | `object` -| Deprecated: this field is never set. +| status is deprecated: this field is never set. |=== === .spec.storage.volumeClaimTemplate.metadata Description:: + -- -EmbeddedMetadata contains metadata relevant to an EmbeddedResource. +metadata defines EmbeddedMetadata contains metadata relevant to an EmbeddedResource. -- Type:: 
@@ -15864,21 +16198,21 @@ Type:: | `annotations` | `object (string)` -| Annotations is an unstructured key value map stored with a resource that may be +| annotations defines an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ | `labels` | `object (string)` -| Map of string keys and values that can be used to organize and categorize +| labels define the map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ | `name` | `string` -| Name must be unique within a namespace. Is required when creating resources, although +| name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. @@ -15890,7 +16224,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Defines the desired characteristics of a volume requested by a pod author. +spec defines the specification of the characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims -- 
@@ -15968,15 +16302,13 @@ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class- | volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, -it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass -will be applied to the claim but it's not allowed to reset this field to empty string once it is set. -If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass -will be set by the persistentvolume controller if it exists. +it can be changed after the claim is created. An empty string or nil value indicates that no +VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, +this field can be reset to its previous value (including nil) to cancel the modification. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ -(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). | `volumeMode` | `string` @@ -16215,7 +16547,7 @@ merge patch. Description:: + -- -Deprecated: this field is never set. +status is deprecated: this field is never set. -- Type:: 
@@ -16313,13 +16645,11 @@ resized then the Condition will be set to 'Resizing'. | `string` | currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim -This is a beta field and requires enabling VolumeAttributesClass feature (off by default). | `modifyVolumeStatus` | `object` | ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. -This is a beta field and requires enabling VolumeAttributesClass feature (off by default). | `phase` | `string` @@ -16396,7 +16726,6 @@ Description:: -- ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. -This is a beta field and requires enabling VolumeAttributesClass feature (off by default). -- Type:: @@ -16433,7 +16762,7 @@ Note: New statuses can be added in the future. Consumers should check for unknow Description:: + -- -Defines the configuration of the optional Thanos sidecar. +thanos defines the configuration of the optional Thanos sidecar. -- Type:: @@ -16448,7 +16777,7 @@ Type:: | `additionalArgs` | `array` -| AdditionalArgs allows setting additional arguments for the Thanos container. +| additionalArgs allows setting additional arguments for the Thanos container. The arguments are passed as-is to the Thanos container which may cause issues if they are invalid or not supported the given Thanos version. In case of an argument conflict (e.g. an argument which is already set by the 
@@ -16461,11 +16790,11 @@ fail and an error will be logged. | `baseImage` | `string` -| Deprecated: use 'image' instead. +| baseImage is deprecated: use 'image' instead. | `blockSize` | `string` -| BlockDuration controls the size of TSDB blocks produced by Prometheus. +| blockSize controls the size of TSDB blocks produced by Prometheus. The default value is 2h to match the upstream Prometheus defaults. WARNING: Changing the block duration can impact the performance and 
@@ -16476,35 +16805,35 @@ example, 30s * 120 = 1h. | `getConfigInterval` | `string` -| How often to retrieve the Prometheus configuration. +| getConfigInterval defines how often to retrieve the Prometheus configuration. | `getConfigTimeout` | `string` -| Maximum time to wait when retrieving the Prometheus configuration. +| getConfigTimeout defines the maximum time to wait when retrieving the Prometheus configuration. | `grpcListenLocal` | `boolean` -| When true, the Thanos sidecar listens on the loopback interface instead +| grpcListenLocal defines when true, the Thanos sidecar listens on the loopback interface instead of the Pod IP's address for the gRPC endpoints. It has no effect if `listenLocal` is true. | `grpcServerTlsConfig` | `object` -| Configures the TLS parameters for the gRPC server providing the StoreAPI. +| grpcServerTlsConfig defines the TLS parameters for the gRPC server providing the StoreAPI. Note: Currently only the `caFile`, `certFile`, and `keyFile` fields are supported. | `httpListenLocal` | `boolean` -| When true, the Thanos sidecar listens on the loopback interface instead +| httpListenLocal when true, the Thanos sidecar listens on the loopback interface instead of the Pod IP's address for the HTTP endpoints. It has no effect if `listenLocal` is true. | `image` | `string` -| Container image name for Thanos. If specified, it takes precedence over +| image defines the container image name for Thanos. If specified, it takes precedence over the `spec.thanos.baseImage`, `spec.thanos.tag` and `spec.thanos.sha` fields. 
@@ -16517,26 +16846,26 @@ the time when the operator was released. | `listenLocal` | `boolean` -| Deprecated: use `grpcListenLocal` and `httpListenLocal` instead. +| listenLocal is deprecated: use `grpcListenLocal` and `httpListenLocal` instead. | `logFormat` | `string` -| Log format for the Thanos sidecar. +| logFormat for the Thanos sidecar. | `logLevel` | `string` -| Log level for the Thanos sidecar. +| logLevel for the Thanos sidecar. | `minTime` | `string` -| Defines the start of time range limit served by the Thanos sidecar's StoreAPI. +| minTime defines the start of time range limit served by the Thanos sidecar's StoreAPI. The field's value should be a constant time in RFC3339 format or a time duration relative to current time, such as -1d or 2h45m. Valid duration units are ms, s, m, h, d, w, y. | `objectStorageConfig` | `object` -| Defines the Thanos sidecar's configuration to upload TSDB blocks to object storage. +| objectStorageConfig defines the Thanos sidecar's configuration to upload TSDB blocks to object storage. More info: https://thanos.io/tip/thanos/storage.md/ @@ -16544,7 +16873,7 @@ objectStorageConfigFile takes precedence over this field. | `objectStorageConfigFile` | `string` -| Defines the Thanos sidecar's configuration file to upload TSDB blocks to object storage. +| objectStorageConfigFile defines the Thanos sidecar's configuration file to upload TSDB blocks to object storage. More info: https://thanos.io/tip/thanos/storage.md/ 
@@ -16552,24 +16881,24 @@ This field takes precedence over objectStorageConfig. | `readyTimeout` | `string` -| ReadyTimeout is the maximum time that the Thanos sidecar will wait for +| readyTimeout defines the maximum time that the Thanos sidecar will wait for Prometheus to start. | `resources` | `object` -| Defines the resources requests and limits of the Thanos sidecar. +| resources defines the resources requests and limits of the Thanos sidecar. | `sha` | `string` -| Deprecated: use 'image' instead. The image digest can be specified as part of the image name. +| sha is deprecated: use 'image' instead. The image digest can be specified as part of the image name. | `tag` | `string` -| Deprecated: use 'image' instead. The image's tag can be specified as as part of the image name. +| tag is deprecated: use 'image' instead. The image's tag can be specified as as part of the image name. | `tracingConfig` | `object` -| Defines the tracing configuration for the Thanos sidecar. +| tracingConfig defines the tracing configuration for the Thanos sidecar. `tracingConfigFile` takes precedence over this field. @@ -16580,7 +16909,7 @@ in a breaking way. | `tracingConfigFile` | `string` -| Defines the tracing configuration file for the Thanos sidecar. +| tracingConfigFile defines the tracing configuration file for the Thanos sidecar. This field takes precedence over `tracingConfig`. @@ -16591,7 +16920,7 @@ in a breaking way. | `version` | `string` -| Version of Thanos being deployed. The operator uses this information +| version of Thanos being deployed. The operator uses this information to generate the Prometheus StatefulSet + configuration files. If not specified, the operator assumes the latest upstream release of 
@@ -16600,7 +16929,7 @@ released. | `volumeMounts` | `array` -| VolumeMounts allows configuration of additional VolumeMounts for Thanos. +| volumeMounts allows configuration of additional VolumeMounts for Thanos. VolumeMounts specified will be appended to other VolumeMounts in the 'thanos-sidecar' container. @@ -16613,7 +16942,7 @@ VolumeMounts specified will be appended to other VolumeMounts in the Description:: + -- -AdditionalArgs allows setting additional arguments for the Thanos container. +additionalArgs allows setting additional arguments for the Thanos container. The arguments are passed as-is to the Thanos container which may cause issues if they are invalid or not supported the given Thanos version. In case of an argument conflict (e.g. an argument which is already set by the @@ -16648,18 +16977,18 @@ Required:: | `name` | `string` -| Name of the argument, e.g. "scrape.discovery-reload-interval". +| name of the argument, e.g. "scrape.discovery-reload-interval". | `value` | `string` -| Argument value, e.g. 30s. Can be empty for name-only arguments (e.g. --storage.tsdb.no-lockfile) +| value defines the argument value, e.g. 30s. Can be empty for name-only arguments (e.g. --storage.tsdb.no-lockfile) |=== === .spec.thanos.grpcServerTlsConfig Description:: + -- -Configures the TLS parameters for the gRPC server providing the StoreAPI. +grpcServerTlsConfig defines the TLS parameters for the gRPC server providing the StoreAPI. Note: Currently only the `caFile`, `certFile`, and `keyFile` fields are supported. -- 
@@ -16676,54 +17005,54 @@ Type:: | `ca` | `object` -| Certificate authority used when verifying server certificates. +| ca defines the Certificate authority used when verifying server certificates. | `caFile` | `string` -| Path to the CA cert in the Prometheus container to use for the targets. +| caFile defines the path to the CA cert in the Prometheus container to use for the targets. | `cert` | `object` -| Client certificate to present when doing client-authentication. +| cert defines the Client certificate to present when doing client-authentication. | `certFile` | `string` -| Path to the client cert file in the Prometheus container for the targets. +| certFile defines the path to the client cert file in the Prometheus container for the targets. | `insecureSkipVerify` | `boolean` -| Disable target certificate validation. +| insecureSkipVerify defines how to disable target certificate validation. | `keyFile` | `string` -| Path to the client key file in the Prometheus container for the targets. +| keyFile defines the path to the client key file in the Prometheus container for the targets. | `keySecret` | `object` -| Secret containing the client key file for the targets. +| keySecret defines the Secret containing the client key file for the targets. | `maxVersion` | `string` -| Maximum acceptable TLS version. +| maxVersion defines the maximum acceptable TLS version. It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. | `minVersion` | `string` -| Minimum acceptable TLS version. +| minVersion defines the minimum acceptable TLS version. It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. | `serverName` | `string` -| Used to verify the hostname for the targets. +| serverName is used to verify the hostname for the targets. |=== === .spec.thanos.grpcServerTlsConfig.ca Description:: + -- -Certificate authority used when verifying server certificates. +ca defines the Certificate authority used when verifying server certificates. -- Type:: 
@@ -16738,18 +17067,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.thanos.grpcServerTlsConfig.ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -16785,7 +17114,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -16821,7 +17150,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Client certificate to present when doing client-authentication. +cert defines the Client certificate to present when doing client-authentication. -- Type:: @@ -16836,18 +17165,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.thanos.grpcServerTlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -16883,7 +17212,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: 
@@ -16919,7 +17248,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the client key file for the targets. +keySecret defines the Secret containing the client key file for the targets. -- Type:: @@ -16955,7 +17284,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Defines the Thanos sidecar's configuration to upload TSDB blocks to object storage. +objectStorageConfig defines the Thanos sidecar's configuration to upload TSDB blocks to object storage. More info: https://thanos.io/tip/thanos/storage.md/ @@ -16995,7 +17324,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Defines the resources requests and limits of the Thanos sidecar. +resources defines the resources requests and limits of the Thanos sidecar. -- Type:: @@ -17013,7 +17342,7 @@ Type:: | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -17042,7 +17371,7 @@ Description:: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -17090,7 +17419,7 @@ only the result of this request. Description:: + -- -Defines the tracing configuration for the Thanos sidecar. +tracingConfig defines the tracing configuration for the Thanos sidecar. `tracingConfigFile` takes precedence over this field. 
@@ -17133,7 +17462,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -VolumeMounts allows configuration of additional VolumeMounts for Thanos. +volumeMounts allows configuration of additional VolumeMounts for Thanos. VolumeMounts specified will be appended to other VolumeMounts in the 'thanos-sidecar' container. -- @@ -17223,7 +17552,7 @@ SubPathExpr and SubPath are mutually exclusive. Description:: + -- -Defines the Pods' tolerations if specified. +tolerations defines the Pods' tolerations if specified. -- Type:: @@ -17284,7 +17613,7 @@ If the operator is Exists, the value should be empty, otherwise just a regular s Description:: + -- -Defines the pod's topology spread constraints if specified. +topologySpreadConstraints defines the pod's topology spread constraints if specified. -- Type:: @@ -17316,7 +17645,7 @@ Required:: | `additionalLabelSelectors` | `string` -| Defines what Prometheus Operator managed labels should be added to labelSelector on the topologySpreadConstraint. +| additionalLabelSelectors Defines what Prometheus Operator managed labels should be added to labelSelector on the topologySpreadConstraint. | `labelSelector` | `object` @@ -17523,7 +17852,7 @@ merge patch. Description:: + -- -TracingConfig configures tracing in Prometheus. +tracingConfig defines tracing in Prometheus. This is an *experimental feature*, it may change in any upcoming release in a breaking way. 
@@ -17543,42 +17872,42 @@ Required:: | `clientType` | `string` -| Client used to export the traces. Supported values are `http` or `grpc`. +| clientType defines the client used to export the traces. Supported values are `http` or `grpc`. | `compression` | `string` -| Compression key for supported compression types. The only supported value is `gzip`. +| compression key for supported compression types. The only supported value is `gzip`. | `endpoint` | `string` -| Endpoint to send the traces to. Should be provided in format :. +| endpoint to send the traces to. Should be provided in format :. | `headers` | `object (string)` -| Key-value pairs to be used as headers associated with gRPC or HTTP requests. +| headers defines the key-value pairs to be used as headers associated with gRPC or HTTP requests. | `insecure` | `boolean` -| If disabled, the client will use a secure connection. +| insecure if disabled, the client will use a secure connection. | `samplingFraction` | `integer-or-string` -| Sets the probability a given trace will be sampled. Must be a float from 0 through 1. +| samplingFraction defines the probability a given trace will be sampled. Must be a float from 0 through 1. | `timeout` | `string` -| Maximum time the exporter will wait for each batch export. +| timeout defines the maximum time the exporter will wait for each batch export. | `tlsConfig` | `object` -| TLS Config to use when sending traces. +| tlsConfig to use when sending traces. |=== === .spec.tracingConfig.tlsConfig Description:: + -- -TLS Config to use when sending traces. +tlsConfig to use when sending traces. -- Type:: 
@@ -17593,54 +17922,54 @@ Type:: | `ca` | `object` -| Certificate authority used when verifying server certificates. +| ca defines the Certificate authority used when verifying server certificates. | `caFile` | `string` -| Path to the CA cert in the Prometheus container to use for the targets. +| caFile defines the path to the CA cert in the Prometheus container to use for the targets. | `cert` | `object` -| Client certificate to present when doing client-authentication. +| cert defines the Client certificate to present when doing client-authentication. | `certFile` | `string` -| Path to the client cert file in the Prometheus container for the targets. +| certFile defines the path to the client cert file in the Prometheus container for the targets. | `insecureSkipVerify` | `boolean` -| Disable target certificate validation. +| insecureSkipVerify defines how to disable target certificate validation. | `keyFile` | `string` -| Path to the client key file in the Prometheus container for the targets. +| keyFile defines the path to the client key file in the Prometheus container for the targets. | `keySecret` | `object` -| Secret containing the client key file for the targets. +| keySecret defines the Secret containing the client key file for the targets. | `maxVersion` | `string` -| Maximum acceptable TLS version. +| maxVersion defines the maximum acceptable TLS version. It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. | `minVersion` | `string` -| Minimum acceptable TLS version. +| minVersion defines the minimum acceptable TLS version. It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. | `serverName` | `string` -| Used to verify the hostname for the targets. +| serverName is used to verify the hostname for the targets. |=== === .spec.tracingConfig.tlsConfig.ca Description:: + -- -Certificate authority used when verifying server certificates. +ca defines the Certificate authority used when verifying server certificates. -- Type:: 
@@ -17655,18 +17984,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.tracingConfig.tlsConfig.ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -17702,7 +18031,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -17738,7 +18067,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Client certificate to present when doing client-authentication. +cert defines the Client certificate to present when doing client-authentication. -- Type:: @@ -17753,18 +18082,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.tracingConfig.tlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -17800,7 +18129,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: 
@@ -17836,7 +18165,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the client key file for the targets. +keySecret defines the Secret containing the client key file for the targets. -- Type:: @@ -17872,7 +18201,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Defines the runtime reloadable configuration of the timeseries database(TSDB). +tsdb defines the runtime reloadable configuration of the timeseries database(TSDB). It requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0. -- @@ -17888,7 +18217,7 @@ Type:: | `outOfOrderTimeWindow` | `string` -| Configures how old an out-of-order/out-of-bounds sample can be with +| outOfOrderTimeWindow defines how old an out-of-order/out-of-bounds sample can be with respect to the TSDB max time. An out-of-order/out-of-bounds sample is ingested into the TSDB as long as @@ -17904,7 +18233,7 @@ It requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0. Description:: + -- -VolumeMounts allows the configuration of additional VolumeMounts. +volumeMounts allows the configuration of additional VolumeMounts. VolumeMounts will be appended to other VolumeMounts in the 'prometheus' container, that are generated as a result of StorageSpec objects. @@ -17995,7 +18324,7 @@ SubPathExpr and SubPath are mutually exclusive. Description:: + -- -Volumes allows the configuration of additional volumes on the output +volumes allows the configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. -- 
@@ -18135,7 +18464,6 @@ into the Pod's container. | `object` | glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. -More info: https://examples.k8s.io/volumes/glusterfs/README.md | `hostPath` | `object` @@ -18166,7 +18494,7 @@ The field spec.securityContext.fsGroupChangePolicy has no effect on this volume | `object` | iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. -More info: https://examples.k8s.io/volumes/iscsi/README.md +More info: https://kubernetes.io/docs/concepts/storage/volumes/#iscsi | `name` | `string` @@ -18210,7 +18538,6 @@ Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supp | `object` | rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. -More info: https://examples.k8s.io/volumes/rbd/README.md | `scaleIO` | `object` 
@@ -19117,15 +19444,13 @@ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class- | volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, -it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass -will be applied to the claim but it's not allowed to reset this field to empty string once it is set. -If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass -will be set by the persistentvolume controller if it exists. +it can be changed after the claim is created. An empty string or nil value indicates that no +VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, +this field can be reset to its previous value (including nil) to cancel the modification. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ -(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). | `volumeMode` | `string` @@ -19603,7 +19928,6 @@ Description:: -- glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. -More info: https://examples.k8s.io/volumes/glusterfs/README.md -- Type:: @@ -19622,7 +19946,6 @@ Required:: | `endpoints` | `string` | endpoints is the endpoint name that details Glusterfs topology. -More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod | `path` | `string` 
@@ -19726,7 +20049,7 @@ Description:: -- iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. -More info: https://examples.k8s.io/volumes/iscsi/README.md +More info: https://kubernetes.io/docs/concepts/storage/volumes/#iscsi -- Type:: 
@@ -20055,6 +20378,43 @@ may change the order over time. | `object` | downwardAPI information about the downwardAPI data to project +| `podCertificate` +| `object` +| Projects an auto-rotating credential bundle (private key and certificate +chain) that the pod can use either as a TLS client or server. + +Kubelet generates a private key and uses it to send a +PodCertificateRequest to the named signer. Once the signer approves the +request and issues a certificate chain, Kubelet writes the key and +certificate chain to the pod filesystem. The pod does not start until +certificates have been issued for each podCertificate projected volume +source in its spec. + +Kubelet will begin trying to rotate the certificate at the time indicated +by the signer using the PodCertificateRequest.Status.BeginRefreshAt +timestamp. + +Kubelet can write a single file, indicated by the credentialBundlePath +field, or separate files, indicated by the keyPath and +certificateChainPath fields. + +The credential bundle is a single file in PEM format. The first PEM +entry is the private key (in PKCS#8 format), and the remaining PEM +entries are the certificate chain issued by the signer (typically, +signers will return their certificate chain in leaf-to-root order). + +Prefer using the credential bundle format, since your application code +can read it atomically. If you use keyPath and certificateChainPath, +your application must make two separate file reads. If these coincide +with a certificate rotation, it is possible that the private key and leaf +certificate you read may not correspond to each other. Your application +will need to check for this condition, and re-read until they are +consistent. + +The named signer controls chooses the format of the certificate it +issues; consult the signer implementation's documentation to learn how to +use the certificates it issues. + | `secret` | `object` | secret information about the secret data to project 
@@ -20458,6 +20818,123 @@ Required:: | `string` | Required: resource to select +|=== +=== .spec.volumes[].projected.sources[].podCertificate +Description:: ++ +-- +Projects an auto-rotating credential bundle (private key and certificate +chain) that the pod can use either as a TLS client or server. + +Kubelet generates a private key and uses it to send a +PodCertificateRequest to the named signer. Once the signer approves the +request and issues a certificate chain, Kubelet writes the key and +certificate chain to the pod filesystem. The pod does not start until +certificates have been issued for each podCertificate projected volume +source in its spec. + +Kubelet will begin trying to rotate the certificate at the time indicated +by the signer using the PodCertificateRequest.Status.BeginRefreshAt +timestamp. + +Kubelet can write a single file, indicated by the credentialBundlePath +field, or separate files, indicated by the keyPath and +certificateChainPath fields. + +The credential bundle is a single file in PEM format. The first PEM +entry is the private key (in PKCS#8 format), and the remaining PEM +entries are the certificate chain issued by the signer (typically, +signers will return their certificate chain in leaf-to-root order). + +Prefer using the credential bundle format, since your application code +can read it atomically. If you use keyPath and certificateChainPath, +your application must make two separate file reads. If these coincide +with a certificate rotation, it is possible that the private key and leaf +certificate you read may not correspond to each other. Your application +will need to check for this condition, and re-read until they are +consistent. + +The named signer controls chooses the format of the certificate it +issues; consult the signer implementation's documentation to learn how to +use the certificates it issues. 
+-- + +Type:: + `object` + +Required:: + - `keyType` + - `signerName` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `certificateChainPath` +| `string` +| Write the certificate chain at this path in the projected volume. + +Most applications should use credentialBundlePath. When using keyPath +and certificateChainPath, your application needs to check that the key +and leaf certificate are consistent, because it is possible to read the +files mid-rotation. + +| `credentialBundlePath` +| `string` +| Write the credential bundle at this path in the projected volume. + +The credential bundle is a single file that contains multiple PEM blocks. +The first PEM block is a PRIVATE KEY block, containing a PKCS#8 private +key. + +The remaining blocks are CERTIFICATE blocks, containing the issued +certificate chain from the signer (leaf and any intermediates). + +Using credentialBundlePath lets your Pod's application code make a single +atomic read that retrieves a consistent key and certificate chain. If you +project them to separate files, your application code will need to +additionally check that the leaf certificate was issued to the key. + +| `keyPath` +| `string` +| Write the key at this path in the projected volume. + +Most applications should use credentialBundlePath. When using keyPath +and certificateChainPath, your application needs to check that the key +and leaf certificate are consistent, because it is possible to read the +files mid-rotation. + +| `keyType` +| `string` +| The type of keypair Kubelet will generate for the pod. + +Valid values are "RSA3072", "RSA4096", "ECDSAP256", "ECDSAP384", +"ECDSAP521", and "ED25519". + +| `maxExpirationSeconds` +| `integer` +| maxExpirationSeconds is the maximum lifetime permitted for the +certificate. + +Kubelet copies this value verbatim into the PodCertificateRequests it +generates for this projection. + +If omitted, kube-apiserver will set it to 86400(24 hours). 
kube-apiserver +will reject values shorter than 3600 (1 hour). The maximum allowable +value is 7862400 (91 days). + +The signer implementation is then free to issue a certificate with any +lifetime *shorter* than MaxExpirationSeconds, but no shorter than 3600 +seconds (1 hour). This constraint is enforced by kube-apiserver. +`kubernetes.io` signers will never issue certificates with a lifetime +longer than 24 hours. + +| `signerName` +| `string` +| Kubelet's generated CSRs will be addressed to this signer. + |=== === .spec.volumes[].projected.sources[].secret Description:: @@ -20662,7 +21139,6 @@ Description:: -- rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. -More info: https://examples.k8s.io/volumes/rbd/README.md -- Type:: @@ -21085,7 +21561,7 @@ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. Description:: + -- -Defines the configuration of the Prometheus web server. +web defines the configuration of the Prometheus web server. -- Type:: @@ -21100,27 +21576,27 @@ Type:: | `httpConfig` | `object` -| Defines HTTP parameters for web server. +| httpConfig defines HTTP parameters for web server. | `maxConnections` | `integer` -| Defines the maximum number of simultaneous connections +| maxConnections defines the maximum number of simultaneous connections A zero value means that Prometheus doesn't accept any incoming connection. | `pageTitle` | `string` -| The prometheus web page title. +| pageTitle defines the prometheus web page title. | `tlsConfig` | `object` -| Defines the TLS parameters for HTTPS. +| tlsConfig defines the TLS parameters for HTTPS. |=== === .spec.web.httpConfig Description:: + -- -Defines HTTP parameters for web server. +httpConfig defines HTTP parameters for web server. -- Type:: 
@@ -21135,11 +21611,11 @@ Type:: | `headers` | `object` -| List of headers that can be added to HTTP responses. +| headers defines a list of headers that can be added to HTTP responses. | `http2` | `boolean` -| Enable HTTP/2 support. Note that HTTP/2 is only supported with TLS. +| http2 enable HTTP/2 support. Note that HTTP/2 is only supported with TLS. When TLSConfig is not configured, HTTP/2 will be disabled. Whenever the value of the field changes, a rolling update will be triggered. @@ -21148,7 +21624,7 @@ Whenever the value of the field changes, a rolling update will be triggered. Description:: + -- -List of headers that can be added to HTTP responses. +headers defines a list of headers that can be added to HTTP responses. -- Type:: @@ -21163,12 +21639,12 @@ Type:: | `contentSecurityPolicy` | `string` -| Set the Content-Security-Policy header to HTTP responses. +| contentSecurityPolicy defines the Content-Security-Policy header to HTTP responses. Unset if blank. | `strictTransportSecurity` | `string` -| Set the Strict-Transport-Security header to HTTP responses. +| strictTransportSecurity defines the Strict-Transport-Security header to HTTP responses. Unset if blank. Please make sure that you use this with care as this header might force browsers to load Prometheus and the other applications hosted on the same 
@@ -21177,19 +21653,19 @@ https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Secur | `xContentTypeOptions` | `string` -| Set the X-Content-Type-Options header to HTTP responses. +| xContentTypeOptions defines the X-Content-Type-Options header to HTTP responses. Unset if blank. Accepted value is nosniff. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options | `xFrameOptions` | `string` -| Set the X-Frame-Options header to HTTP responses. +| xFrameOptions defines the X-Frame-Options header to HTTP responses. Unset if blank. Accepted values are deny and sameorigin. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options | `xXSSProtection` | `string` -| Set the X-XSS-Protection header to all responses. +| xXSSProtection defines the X-XSS-Protection header to all responses. Unset if blank. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection @@ -21198,7 +21674,7 @@ https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection Description:: + -- -Defines the TLS parameters for HTTPS. +tlsConfig defines the TLS parameters for HTTPS. -- Type:: @@ -21213,7 +21689,7 @@ Type:: | `cert` | `object` -| Secret or ConfigMap containing the TLS certificate for the web server. +| cert defines the Secret or ConfigMap containing the TLS certificate for the web server. Either `keySecret` or `keyFile` must be defined. @@ -21221,7 +21697,7 @@ It is mutually exclusive with `certFile`. | `certFile` | `string` -| Path to the TLS certificate file in the container for the web server. +| certFile defines the path to the TLS certificate file in the container for the web server. Either `keySecret` or `keyFile` must be defined. 
@@ -21229,7 +21705,7 @@ It is mutually exclusive with `cert`. | `cipherSuites` | `array (string)` -| List of supported cipher suites for TLS versions up to TLS 1.2. +| cipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2. If not defined, the Go default cipher suites are used. Available cipher suites are documented in the Go documentation: @@ -21237,28 +21713,28 @@ https://golang.org/pkg/crypto/tls/#pkg-constants | `clientAuthType` | `string` -| The server policy for client TLS authentication. +| clientAuthType defines the server policy for client TLS authentication. For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType | `clientCAFile` | `string` -| Path to the CA certificate file for client certificate authentication to +| clientCAFile defines the path to the CA certificate file for client certificate authentication to the server. It is mutually exclusive with `client_ca`. | `client_ca` | `object` -| Secret or ConfigMap containing the CA certificate for client certificate +| client_ca defines the Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. It is mutually exclusive with `clientCAFile`. | `curvePreferences` | `array (string)` -| Elliptic curves that will be used in an ECDHE handshake, in preference +| curvePreferences defines elliptic curves that will be used in an ECDHE handshake, in preference order. Available curves are documented in the Go documentation: @@ -21266,7 +21742,7 @@ https://golang.org/pkg/crypto/tls/#CurveID | `keyFile` | `string` -| Path to the TLS private key file in the container for the web server. +| keyFile defines the path to the TLS private key file in the container for the web server. If defined, either `cert` or `certFile` must be defined. 
@@ -21274,7 +21750,7 @@ It is mutually exclusive with `keySecret`. | `keySecret` | `object` -| Secret containing the TLS private key for the web server. +| keySecret defines the secret containing the TLS private key for the web server. Either `cert` or `certFile` must be defined. @@ -21282,15 +21758,15 @@ It is mutually exclusive with `keyFile`. | `maxVersion` | `string` -| Maximum TLS version that is acceptable. +| maxVersion defines the Maximum TLS version that is acceptable. | `minVersion` | `string` -| Minimum TLS version that is acceptable. +| minVersion defines the minimum TLS version that is acceptable. | `preferServerCipherSuites` | `boolean` -| Controls whether the server selects the client's most preferred cipher +| preferServerCipherSuites defines whether the server selects the client's most preferred cipher suite, or the server's most preferred cipher suite. If true then the server's preference, as expressed in @@ -21301,7 +21777,7 @@ the order of elements in cipherSuites, is used. Description:: + -- -Secret or ConfigMap containing the TLS certificate for the web server. +cert defines the Secret or ConfigMap containing the TLS certificate for the web server. Either `keySecret` or `keyFile` must be defined. @@ -21320,18 +21796,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.web.tlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: 
@@ -21367,7 +21843,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -21403,7 +21879,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret or ConfigMap containing the CA certificate for client certificate +client_ca defines the Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. It is mutually exclusive with `clientCAFile`. @@ -21421,18 +21897,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.web.tlsConfig.client_ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -21468,7 +21944,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -21504,7 +21980,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the TLS private key for the web server. +keySecret defines the secret containing the TLS private key for the web server. Either `cert` or `certFile` must be defined. 
@@ -21544,7 +22020,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Most recent observed status of the Prometheus cluster. Read-only. +status defines the most recent observed status of the Prometheus cluster. Read-only. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status -- @@ -21552,12 +22028,6 @@ https://github.com/kubernetes/community/blob/master/contributors/devel/sig-archi Type:: `object` -Required:: - - `availableReplicas` - - `paused` - - `replicas` - - `unavailableReplicas` - - `updatedReplicas` @@ -21567,12 +22037,12 @@ Required:: | `availableReplicas` | `integer` -| Total number of available pods (ready for at least minReadySeconds) +| availableReplicas defines the total number of available pods (ready for at least minReadySeconds) targeted by this Prometheus deployment. | `conditions` | `array` -| The current state of the Prometheus deployment. +| conditions defines the current state of the Prometheus deployment. | `conditions[]` | `object` 
@@ -21581,37 +22051,37 @@ Prometheus, Alertmanager or ThanosRuler resource. | `paused` | `boolean` -| Represents whether any actions on the underlying managed objects are +| paused defines whether any actions on the underlying managed objects are being performed. Only delete actions will be performed. | `replicas` | `integer` -| Total number of non-terminated pods targeted by this Prometheus deployment +| replicas defines the total number of non-terminated pods targeted by this Prometheus deployment (their labels match the selector). | `selector` | `string` -| The selector used to match the pods targeted by this Prometheus resource. +| selector used to match the pods targeted by this Prometheus resource. | `shardStatuses` | `array` -| The list has one entry per shard. Each entry provides a summary of the shard status. +| shardStatuses defines the list has one entry per shard. Each entry provides a summary of the shard status. | `shardStatuses[]` | `object` -| +| | `shards` | `integer` -| Shards is the most recently observed number of shards. +| shards defines the most recently observed number of shards. | `unavailableReplicas` | `integer` -| Total number of unavailable pods targeted by this Prometheus deployment. +| unavailableReplicas defines the total number of unavailable pods targeted by this Prometheus deployment. | `updatedReplicas` | `integer` -| Total number of non-terminated pods targeted by this Prometheus deployment +| updatedReplicas defines the total number of non-terminated pods targeted by this Prometheus deployment that have the desired version spec. |=== @@ -21619,7 +22089,7 @@ that have the desired version spec. Description:: + -- -The current state of the Prometheus deployment. +conditions defines the current state of the Prometheus deployment. -- Type:: 
@@ -21656,11 +22126,11 @@ Required:: | `message` | `string` -| Human-readable message indicating details for the condition's last transition. +| message defines human-readable message indicating details for the condition's last transition. | `observedGeneration` | `integer` -| ObservedGeneration represents the .metadata.generation that the +| observedGeneration defines the .metadata.generation that the condition was set based upon. For instance, if `.metadata.generation` is currently 12, but the `.status.conditions[].observedGeneration` is 9, the condition is out of date with respect to the current state of the @@ -21668,22 +22138,22 @@ instance. | `reason` | `string` -| Reason for the condition's last transition. +| reason for the condition's last transition. | `status` | `string` -| Status of the condition. +| status of the condition. | `type` | `string` -| Type of the condition being reported. +| type of the condition being reported. |=== === .status.shardStatuses Description:: + -- -The list has one entry per shard. Each entry provides a summary of the shard status. +shardStatuses defines the list has one entry per shard. Each entry provides a summary of the shard status. -- Type:: 
@@ -21717,24 +22187,24 @@ Required:: | `availableReplicas` | `integer` -| Total number of available pods (ready for at least minReadySeconds) +| availableReplicas defines the total number of available pods (ready for at least minReadySeconds) targeted by this shard. | `replicas` | `integer` -| Total number of pods targeted by this shard. +| replicas defines the total number of pods targeted by this shard. | `shardID` | `string` -| Identifier of the shard. +| shardID defines the identifier of the shard. | `unavailableReplicas` | `integer` -| Total number of unavailable pods targeted by this shard. +| unavailableReplicas defines the Total number of unavailable pods targeted by this shard. | `updatedReplicas` | `integer` -| Total number of non-terminated pods targeted by this shard +| updatedReplicas defines the total number of non-terminated pods targeted by this shard that have the desired spec. |=== @@ -21853,7 +22323,7 @@ Description:: | Parameter | Type | Description | `body` | xref:../monitoring_apis/prometheus-monitoring-coreos-com-v1.adoc#prometheus-monitoring-coreos-com-v1[`Prometheus`] schema -| +| |=== .HTTP responses @@ -21986,7 +22456,7 @@ Description:: | Parameter | Type | Description | `body` | xref:../monitoring_apis/prometheus-monitoring-coreos-com-v1.adoc#prometheus-monitoring-coreos-com-v1[`Prometheus`] schema -| +| |=== .HTTP responses @@ -22088,7 +22558,7 @@ Description:: | Parameter | Type | Description | `body` | xref:../autoscale_apis/scale-autoscaling-v1.adoc#scale-autoscaling-v1[`Scale`] schema -| +| |=== .HTTP responses @@ -22190,7 +22660,7 @@ Description:: | Parameter | Type | Description | `body` | xref:../monitoring_apis/prometheus-monitoring-coreos-com-v1.adoc#prometheus-monitoring-coreos-com-v1[`Prometheus`] schema -| +| |=== .HTTP responses diff --git a/rest_api/monitoring_apis/prometheusrule-monitoring-coreos-com-v1.adoc b/rest_api/monitoring_apis/prometheusrule-monitoring-coreos-com-v1.adoc index e8b9427075..1b8a37072d 100644 
--- a/rest_api/monitoring_apis/prometheusrule-monitoring-coreos-com-v1.adoc +++ b/rest_api/monitoring_apis/prometheusrule-monitoring-coreos-com-v1.adoc @@ -43,14 +43,23 @@ Required:: | `spec` | `object` -| Specification of desired alerting rule definitions for Prometheus. +| spec defines the specification of desired alerting rule definitions for Prometheus. + +| `status` +| `object` +| status defines the status subresource. It is under active development and is updated only when the +"StatusForConfigurationResources" feature gate is enabled. + +Most recent observed status of the PrometheusRule. Read-only. +More info: +https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status |=== === .spec Description:: + -- -Specification of desired alerting rule definitions for Prometheus. +spec defines the specification of desired alerting rule definitions for Prometheus. -- Type:: @@ -65,7 +74,7 @@ Type:: | `groups` | `array` -| Content of Prometheus rule file +| groups defines the content of Prometheus rule file | `groups[]` | `object` @@ -76,7 +85,7 @@ Type:: Description:: + -- -Content of Prometheus rule file +groups defines the content of Prometheus rule file -- Type:: @@ -106,11 +115,11 @@ Required:: | `interval` | `string` -| Interval determines how often rules in the group are evaluated. +| interval defines how often rules in the group are evaluated. | `labels` | `object (string)` -| Labels to add or overwrite before storing the result for its rules. +| labels define the labels to add or overwrite before storing the result for its rules. The labels defined at the rule level take precedence. It requires Prometheus >= 3.0.0. 
@@ -118,30 +127,30 @@ The field is ignored for Thanos Ruler. | `limit` | `integer` -| Limit the number of alerts an alerting rule and series a recording +| limit defines the number of alerts an alerting rule and series a recording rule can produce. Limit is supported starting with Prometheus >= 2.31 and Thanos Ruler >= 0.24. | `name` | `string` -| Name of the rule group. +| name defines the name of the rule group. | `partial_response_strategy` | `string` -| PartialResponseStrategy is only used by ThanosRuler and will +| partial_response_strategy is only used by ThanosRuler and will be ignored by Prometheus instances. More info: https://github.com/thanos-io/thanos/blob/main/docs/components/rule.md#partial-response | `query_offset` | `string` -| Defines the offset the rule evaluation timestamp of this particular group by the specified duration into the past. +| query_offset defines the offset the rule evaluation timestamp of this particular group by the specified duration into the past. It requires Prometheus >= v2.53.0. It is not supported for ThanosRuler. | `rules` | `array` -| List of alerting and recording rules. +| rules defines the list of alerting and recording rules. | `rules[]` | `object` @@ -153,7 +162,7 @@ See Prometheus documentation: [alerting](https://www.prometheus.io/docs/promethe Description:: + -- -List of alerting and recording rules. +rules defines the list of alerting and recording rules. -- Type:: 
@@ -184,35 +193,189 @@ Required:: | `alert` | `string` -| Name of the alert. Must be a valid label value. +| alert defines the name of the alert. Must be a valid label value. Only one of `record` and `alert` must be set. | `annotations` | `object (string)` -| Annotations to add to each alert. +| annotations defines annotations to add to each alert. Only valid for alerting rules. | `expr` | `integer-or-string` -| PromQL expression to evaluate. +| expr defines the PromQL expression to evaluate. | `for` | `string` -| Alerts are considered firing once they have been returned for this long. +| for defines how alerts are considered firing once they have been returned for this long. | `keep_firing_for` | `string` -| KeepFiringFor defines how long an alert will continue firing after the condition that triggered it has cleared. +| keep_firing_for defines how long an alert will continue firing after the condition that triggered it has cleared. | `labels` | `object (string)` -| Labels to add or overwrite. +| labels defines labels to add or overwrite. | `record` | `string` -| Name of the time series to output to. Must be a valid metric name. +| record defines the name of the time series to output to. Must be a valid metric name. Only one of `record` and `alert` must be set. +|=== +=== .status +Description:: ++ +-- +status defines the status subresource. It is under active development and is updated only when the +"StatusForConfigurationResources" feature gate is enabled. + +Most recent observed status of the PrometheusRule. Read-only. +More info: +https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `bindings` +| `array` +| bindings defines the list of workload resources (Prometheus, PrometheusAgent, ThanosRuler or Alertmanager) which select the configuration resource. 
+ +| `bindings[]` +| `object` +| WorkloadBinding is a link between a configuration resource and a workload resource. + +|=== +=== .status.bindings +Description:: ++ +-- +bindings defines the list of workload resources (Prometheus, PrometheusAgent, ThanosRuler or Alertmanager) which select the configuration resource. +-- + +Type:: + `array` + + + + +=== .status.bindings[] +Description:: ++ +-- +WorkloadBinding is a link between a configuration resource and a workload resource. +-- + +Type:: + `object` + +Required:: + - `group` + - `name` + - `namespace` + - `resource` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `conditions` +| `array` +| conditions defines the current state of the configuration resource when bound to the referenced Workload object. + +| `conditions[]` +| `object` +| ConfigResourceCondition describes the status of configuration resources linked to Prometheus, PrometheusAgent, Alertmanager or ThanosRuler. + +| `group` +| `string` +| group defines the group of the referenced resource. + +| `name` +| `string` +| name defines the name of the referenced object. + +| `namespace` +| `string` +| namespace defines the namespace of the referenced object. + +| `resource` +| `string` +| resource defines the type of resource being referenced (e.g. Prometheus, PrometheusAgent, ThanosRuler or Alertmanager). + +|=== +=== .status.bindings[].conditions +Description:: ++ +-- +conditions defines the current state of the configuration resource when bound to the referenced Workload object. +-- + +Type:: + `array` + + + + +=== .status.bindings[].conditions[] +Description:: ++ +-- +ConfigResourceCondition describes the status of configuration resources linked to Prometheus, PrometheusAgent, Alertmanager or ThanosRuler. 
+-- + +Type:: + `object` + +Required:: + - `lastTransitionTime` + - `status` + - `type` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `lastTransitionTime` +| `string` +| lastTransitionTime defines the time of the last update to the current status property. + +| `message` +| `string` +| message defines the human-readable message indicating details for the condition's last transition. + +| `observedGeneration` +| `integer` +| observedGeneration defines the .metadata.generation that the +condition was set based upon. For instance, if `.metadata.generation` is +currently 12, but the `.status.conditions[].observedGeneration` is 9, the +condition is out of date with respect to the current state of the object. + +| `reason` +| `string` +| reason for the condition's last transition. + +| `status` +| `string` +| status of the condition. + +| `type` +| `string` +| type of the condition being reported. +Currently, only "Accepted" is supported. + |=== == API endpoints @@ -230,6 +393,10 @@ The following API endpoints are available: - `GET`: read the specified PrometheusRule - `PATCH`: partially update the specified PrometheusRule - `PUT`: replace the specified PrometheusRule +* `/apis/monitoring.coreos.com/v1/namespaces/{namespace}/prometheusrules/{name}/status` +- `GET`: read status of the specified PrometheusRule +- `PATCH`: partially update status of the specified PrometheusRule +- `PUT`: replace status of the specified PrometheusRule === /apis/monitoring.coreos.com/v1/prometheusrules 
@@ -470,3 +637,105 @@ Description:: |=== +=== /apis/monitoring.coreos.com/v1/namespaces/{namespace}/prometheusrules/{name}/status + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the PrometheusRule +|=== + + +HTTP method:: + `GET` + +Description:: + read status of the specified PrometheusRule + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../monitoring_apis/prometheusrule-monitoring-coreos-com-v1.adoc#prometheusrule-monitoring-coreos-com-v1[`PrometheusRule`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update status of the specified PrometheusRule + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. 
This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../monitoring_apis/prometheusrule-monitoring-coreos-com-v1.adoc#prometheusrule-monitoring-coreos-com-v1[`PrometheusRule`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace status of the specified PrometheusRule + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. 
+|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../monitoring_apis/prometheusrule-monitoring-coreos-com-v1.adoc#prometheusrule-monitoring-coreos-com-v1[`PrometheusRule`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../monitoring_apis/prometheusrule-monitoring-coreos-com-v1.adoc#prometheusrule-monitoring-coreos-com-v1[`PrometheusRule`] schema +| 201 - Created +| xref:../monitoring_apis/prometheusrule-monitoring-coreos-com-v1.adoc#prometheusrule-monitoring-coreos-com-v1[`PrometheusRule`] schema +| 401 - Unauthorized +| Empty +|=== + + diff --git a/rest_api/monitoring_apis/servicemonitor-monitoring-coreos-com-v1.adoc b/rest_api/monitoring_apis/servicemonitor-monitoring-coreos-com-v1.adoc index fc9bbbea1d..abbbe44526 100644 --- a/rest_api/monitoring_apis/servicemonitor-monitoring-coreos-com-v1.adoc +++ b/rest_api/monitoring_apis/servicemonitor-monitoring-coreos-com-v1.adoc @@ -48,12 +48,12 @@ Required:: | `spec` | `object` -| Specification of desired Service selection for target discovery by +| spec defines the specification of desired Service selection for target discovery by Prometheus. | `status` | `object` -| This Status subresource is under active development and is updated only when the +| status defines the status subresource. It is under active development and is updated only when the "StatusForConfigurationResources" feature gate is enabled. Most recent observed status of the ServiceMonitor. Read-only. @@ -65,7 +65,7 @@ https://github.com/kubernetes/community/blob/master/contributors/devel/sig-archi Description:: + -- -Specification of desired Service selection for target discovery by +spec defines the specification of desired Service selection for target discovery by Prometheus. -- 
@@ -84,26 +84,26 @@ Required:: | `attachMetadata` | `object` -| `attachMetadata` defines additional metadata which is added to the +| attachMetadata defines additional metadata which is added to the discovered targets. It requires Prometheus >= v2.37.0. | `bodySizeLimit` | `string` -| When defined, bodySizeLimit specifies a job level limit on the size +| bodySizeLimit when defined, bodySizeLimit specifies a job level limit on the size of uncompressed response body that will be accepted by Prometheus. It requires Prometheus >= v2.28.0. | `convertClassicHistogramsToNHCB` | `boolean` -| Whether to convert all scraped classic histograms into a native histogram with custom buckets. +| convertClassicHistogramsToNHCB defines whether to convert all scraped classic histograms into a native histogram with custom buckets. It requires Prometheus >= v3.0.0. | `endpoints` | `array` -| List of endpoints part of this ServiceMonitor. +| endpoints defines the list of endpoints part of this ServiceMonitor. Defines how to scrape metrics from Kubernetes [Endpoints](https://kubernetes.io/docs/concepts/services-networking/service/#endpoints) objects. In most cases, an Endpoints object is backed by a Kubernetes [Service](https://kubernetes.io/docs/concepts/services-networking/service/) object with the same name and labels. @@ -114,13 +114,13 @@ Prometheus. | `fallbackScrapeProtocol` | `string` -| The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. +| fallbackScrapeProtocol defines the protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. It requires Prometheus >= v3.0.0. | `jobLabel` | `string` -| `jobLabel` selects the label from the associated Kubernetes `Service` +| jobLabel selects the label from the associated Kubernetes `Service` object which will be used as the `job` label for all metrics. For example if `jobLabel` is set to `foo` and the Kubernetes `Service` 
@@ -133,70 +133,70 @@ of the associated Kubernetes `Service`. | `keepDroppedTargets` | `integer` -| Per-scrape limit on the number of targets dropped by relabeling +| keepDroppedTargets defines the per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit. It requires Prometheus >= v2.47.0. | `labelLimit` | `integer` -| Per-scrape limit on number of labels that will be accepted for a sample. +| labelLimit defines the per-scrape limit on number of labels that will be accepted for a sample. It requires Prometheus >= v2.27.0. | `labelNameLengthLimit` | `integer` -| Per-scrape limit on length of labels name that will be accepted for a sample. +| labelNameLengthLimit defines the per-scrape limit on length of labels name that will be accepted for a sample. It requires Prometheus >= v2.27.0. | `labelValueLengthLimit` | `integer` -| Per-scrape limit on length of labels value that will be accepted for a sample. +| labelValueLengthLimit defines the per-scrape limit on length of labels value that will be accepted for a sample. It requires Prometheus >= v2.27.0. | `namespaceSelector` | `object` -| `namespaceSelector` defines in which namespace(s) Prometheus should discover the services. +| namespaceSelector defines in which namespace(s) Prometheus should discover the services. By default, the services are discovered in the same namespace as the `ServiceMonitor` object but it is possible to select pods across different/all namespaces. | `nativeHistogramBucketLimit` | `integer` -| If there are more than this many buckets in a native histogram, +| nativeHistogramBucketLimit defines ff there are more than this many buckets in a native histogram, buckets will be merged to stay within the limit. It requires Prometheus >= v2.45.0. 
| `nativeHistogramMinBucketFactor` | `integer-or-string` -| If the growth factor of one bucket to the next is smaller than this, +| nativeHistogramMinBucketFactor defines if the growth factor of one bucket to the next is smaller than this, buckets will be merged to increase the factor sufficiently. It requires Prometheus >= v2.50.0. | `podTargetLabels` | `array (string)` -| `podTargetLabels` defines the labels which are transferred from the +| podTargetLabels defines the labels which are transferred from the associated Kubernetes `Pod` object onto the ingested metrics. | `sampleLimit` | `integer` -| `sampleLimit` defines a per-scrape limit on the number of scraped samples +| sampleLimit defines a per-scrape limit on the number of scraped samples that will be accepted. | `scrapeClass` | `string` -| The scrape class to apply. +| scrapeClass defines the scrape class to apply. | `scrapeClassicHistograms` | `boolean` -| Whether to scrape a classic histogram that is also exposed as a native histogram. +| scrapeClassicHistograms defines whether to scrape a classic histogram that is also exposed as a native histogram. It requires Prometheus >= v2.45.0. Notice: `scrapeClassicHistograms` corresponds to the `always_scrape_classic_histograms` field in the Prometheus configuration. | `scrapeProtocols` | `array (string)` -| `scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the +| scrapeProtocols defines the protocols to negotiate during a scrape. It tells clients the protocols supported by Prometheus in order of preference (from most to least preferred). If unset, Prometheus uses its default value. 
@@ -205,25 +205,33 @@ It requires Prometheus >= v2.49.0. | `selector` | `object` -| Label selector to select the Kubernetes `Endpoints` objects to scrape metrics from. +| selector defines the label selector to select the Kubernetes `Endpoints` objects to scrape metrics from. | `selectorMechanism` | `string` -| Mechanism used to select the endpoints to scrape. +| selectorMechanism defines the mechanism used to select the endpoints to scrape. By default, the selection process relies on relabel configurations to filter the discovered targets. Alternatively, you can opt in for role selectors, which may offer better efficiency in large clusters. Which strategy is best for your use case needs to be carefully evaluated. It requires Prometheus >= v2.17.0. +| `serviceDiscoveryRole` +| `string` +| serviceDiscoveryRole defines the service discovery role used to discover targets. + +If set, the value should be either "Endpoints" or "EndpointSlice". +Otherwise it defaults to the value defined in the +Prometheus/PrometheusAgent resource. + | `targetLabels` | `array (string)` -| `targetLabels` defines the labels which are transferred from the +| targetLabels defines the labels which are transferred from the associated Kubernetes `Service` object onto the ingested metrics. | `targetLimit` | `integer` -| `targetLimit` defines a limit on the number of scraped targets that will +| targetLimit defines a limit on the number of scraped targets that will be accepted. |=== @@ -231,7 +239,7 @@ be accepted. Description:: + -- -`attachMetadata` defines additional metadata which is added to the +attachMetadata defines additional metadata which is added to the discovered targets. It requires Prometheus >= v2.37.0. @@ -249,7 +257,7 @@ Type:: | `node` | `boolean` -| When set to true, Prometheus attaches node metadata to the discovered +| node when set to true, Prometheus attaches node metadata to the discovered targets. The Prometheus service account must have the `list` and `watch` 
@@ -260,7 +268,7 @@ permissions on the `Nodes` objects. Description:: + -- -List of endpoints part of this ServiceMonitor. +endpoints defines the list of endpoints part of this ServiceMonitor. Defines how to scrape metrics from Kubernetes [Endpoints](https://kubernetes.io/docs/concepts/services-networking/service/#endpoints) objects. In most cases, an Endpoints object is backed by a Kubernetes [Service](https://kubernetes.io/docs/concepts/services-networking/service/) object with the same name and labels. -- @@ -291,27 +299,27 @@ Type:: | `authorization` | `object` -| `authorization` configures the Authorization header credentials to use when +| authorization configures the Authorization header credentials to use when scraping the target. Cannot be set at the same time as `basicAuth`, or `oauth2`. | `basicAuth` | `object` -| `basicAuth` configures the Basic Authentication credentials to use when +| basicAuth defines the Basic Authentication credentials to use when scraping the target. Cannot be set at the same time as `authorization`, or `oauth2`. | `bearerTokenFile` | `string` -| File to read bearer token for scraping the target. +| bearerTokenFile defines the file to read bearer token for scraping the target. Deprecated: use `authorization` instead. | `bearerTokenSecret` | `object` -| `bearerTokenSecret` specifies a key of a Secret containing the bearer +| bearerTokenSecret defines a key of a Secret containing the bearer token for scraping targets. The secret needs to be in the same namespace as the ServiceMonitor object and readable by the Prometheus Operator. 
@@ -319,11 +327,11 @@ Deprecated: use `authorization` instead. | `enableHttp2` | `boolean` -| `enableHttp2` can be used to disable HTTP2 when scraping the target. +| enableHttp2 can be used to disable HTTP2 when scraping the target. | `filterRunning` | `boolean` -| When true, the pods which are not running (e.g. either in Failed or +| filterRunning when true, the pods which are not running (e.g. either in Failed or Succeeded state) are dropped during the target discovery. If unset, the filtering is enabled. @@ -332,28 +340,28 @@ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod | `followRedirects` | `boolean` -| `followRedirects` defines whether the scrape requests should follow HTTP +| followRedirects defines whether the scrape requests should follow HTTP 3xx redirects. | `honorLabels` | `boolean` -| When true, `honorLabels` preserves the metric's labels when they collide +| honorLabels defines when true the metric's labels when they collide with the target's labels. | `honorTimestamps` | `boolean` -| `honorTimestamps` controls whether Prometheus preserves the timestamps +| honorTimestamps defines whether Prometheus preserves the timestamps when exposed by the target. | `interval` | `string` -| Interval at which Prometheus scrapes the metrics from the target. +| interval at which Prometheus scrapes the metrics from the target. If empty, Prometheus uses the global scrape interval. | `metricRelabelings` | `array` -| `metricRelabelings` configures the relabeling rules to apply to the +| metricRelabelings defines the relabeling rules to apply to the samples before ingestion. | `metricRelabelings[]` 
@@ -365,7 +373,7 @@ More info: https://prometheus.io/docs/prometheus/latest/configuration/configurat | `noProxy` | `string` -| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names +| noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. @@ -373,7 +381,7 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `oauth2` | `object` -| `oauth2` configures the OAuth2 settings to use when scraping the target. +| oauth2 defines the OAuth2 settings to use when scraping the target. It requires Prometheus >= 2.27.0. @@ -385,23 +393,23 @@ Cannot be set at the same time as `authorization`, or `basicAuth`. | `params{}` | `array (string)` -| +| | `path` | `string` -| HTTP path from which to scrape for metrics. +| path defines the HTTP path from which to scrape for metrics. If empty, Prometheus uses the default value (e.g. `/metrics`). | `port` | `string` -| Name of the Service port which this endpoint refers to. +| port defines the name of the Service port which this endpoint refers to. It takes precedence over `targetPort`. | `proxyConnectHeader` | `object` -| ProxyConnectHeader optionally specifies headers to send to +| proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. 
@@ -416,22 +424,22 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyFromEnvironment` | `boolean` -| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). +| proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyUrl` | `string` -| `proxyURL` defines the HTTP proxy server to use. +| proxyUrl defines the HTTP proxy server to use. | `relabelings` | `array` -| `relabelings` configures the relabeling rules to apply the target's +| relabelings defines the relabeling rules to apply the target's metadata labels. The Operator automatically adds relabelings for a few standard Kubernetes fields. -The original scrape job's name is available via the `\__tmp_prometheus_job_name` label. +The original scrape job's name is available via the `__tmp_prometheus_job_name` label. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config @@ -444,7 +452,7 @@ More info: https://prometheus.io/docs/prometheus/latest/configuration/configurat | `scheme` | `string` -| HTTP scheme to use for scraping. +| scheme defines the HTTP scheme to use for scraping. `http` and `https` are the expected values unless you rewrite the `__scheme__` label via relabeling. @@ -453,7 +461,7 @@ If empty, Prometheus uses the default value `http`. | `scrapeTimeout` | `string` -| Timeout after which Prometheus considers the scrape to be failed. +| scrapeTimeout defines the timeout after which Prometheus considers the scrape to be failed. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. 
@@ -461,16 +469,16 @@ The value cannot be greater than the scrape interval otherwise the operator will | `targetPort` | `integer-or-string` -| Name or number of the target port of the `Pod` object behind the +| targetPort defines the name or number of the target port of the `Pod` object behind the Service. The port must be specified with the container's port property. | `tlsConfig` | `object` -| TLS configuration to use when scraping the target. +| tlsConfig defines the TLS configuration to use when scraping the target. | `trackTimestampsStaleness` | `boolean` -| `trackTimestampsStaleness` defines whether Prometheus tracks staleness of +| trackTimestampsStaleness defines whether Prometheus tracks staleness of the metrics that have an explicit timestamp present in scraped data. Has no effect if `honorTimestamps` is false. @@ -481,7 +489,7 @@ It requires Prometheus >= v2.48.0. Description:: + -- -`authorization` configures the Authorization header credentials to use when +authorization configures the Authorization header credentials to use when scraping the target. Cannot be set at the same time as `basicAuth`, or `oauth2`. @@ -499,11 +507,11 @@ Type:: | `credentials` | `object` -| Selects a key of a Secret in the namespace that contains the credentials for authentication. +| credentials defines a key of a Secret in the namespace that contains the credentials for authentication. | `type` | `string` -| Defines the authentication type. The value is case-insensitive. +| type defines the authentication type. The value is case-insensitive. "Basic" is not a supported value. @@ -514,7 +522,7 @@ Default: "Bearer" Description:: + -- -Selects a key of a Secret in the namespace that contains the credentials for authentication. +credentials defines a key of a Secret in the namespace that contains the credentials for authentication. -- Type:: 
@@ -550,7 +558,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`basicAuth` configures the Basic Authentication credentials to use when +basicAuth defines the Basic Authentication credentials to use when scraping the target. Cannot be set at the same time as `authorization`, or `oauth2`. @@ -568,12 +576,12 @@ Type:: | `password` | `object` -| `password` specifies a key of a Secret containing the password for +| password defines a key of a Secret containing the password for authentication. | `username` | `object` -| `username` specifies a key of a Secret containing the username for +| username defines a key of a Secret containing the username for authentication. |=== @@ -581,7 +589,7 @@ authentication. Description:: + -- -`password` specifies a key of a Secret containing the password for +password defines a key of a Secret containing the password for authentication. -- @@ -618,7 +626,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`username` specifies a key of a Secret containing the username for +username defines a key of a Secret containing the username for authentication. -- @@ -655,7 +663,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`bearerTokenSecret` specifies a key of a Secret containing the bearer +bearerTokenSecret defines a key of a Secret containing the bearer token for scraping targets. The secret needs to be in the same namespace as the ServiceMonitor object and readable by the Prometheus Operator. @@ -695,7 +703,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`metricRelabelings` configures the relabeling rules to apply to the +metricRelabelings defines the relabeling rules to apply to the samples before ingestion. -- 
@@ -727,7 +735,7 @@ Type:: | `action` | `string` -| Action to perform based on the regex matching. +| action to perform based on the regex matching. `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. @@ -736,34 +744,34 @@ Default: "Replace" | `modulus` | `integer` -| Modulus to take of the hash of the source label values. +| modulus to take of the hash of the source label values. Only applicable when the action is `HashMod`. | `regex` | `string` -| Regular expression against which the extracted value is matched. +| regex defines the regular expression against which the extracted value is matched. | `replacement` | `string` -| Replacement value against which a Replace action is performed if the +| replacement value against which a Replace action is performed if the regular expression matches. Regex capture groups are available. | `separator` | `string` -| Separator is the string between concatenated SourceLabels. +| separator defines the string between concatenated SourceLabels. | `sourceLabels` | `array (string)` -| The source labels select values from existing labels. Their content is +| sourceLabels defines the source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression. | `targetLabel` | `string` -| Label to which the resulting string is written in a replacement. +| targetLabel defines the label to which the resulting string is written in a replacement. It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. @@ -775,7 +783,7 @@ Regex capture groups are available. Description:: + -- -`oauth2` configures the OAuth2 settings to use when scraping the target. +oauth2 defines the OAuth2 settings to use when scraping the target. It requires Prometheus >= 2.27.0. 
@@ -798,22 +806,22 @@ Required:: | `clientId` | `object` -| `clientId` specifies a key of a Secret or ConfigMap containing the +| clientId defines a key of a Secret or ConfigMap containing the OAuth2 client's ID. | `clientSecret` | `object` -| `clientSecret` specifies a key of a Secret containing the OAuth2 +| clientSecret defines a key of a Secret containing the OAuth2 client's secret. | `endpointParams` | `object (string)` -| `endpointParams` configures the HTTP parameters to append to the token +| endpointParams configures the HTTP parameters to append to the token URL. | `noProxy` | `string` -| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names +| noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. @@ -821,14 +829,14 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyConnectHeader` | `object` -| ProxyConnectHeader optionally specifies headers to send to +| proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyConnectHeader{}` | `array` -| +| | `proxyConnectHeader{}[]` | `object` 
@@ -836,33 +844,33 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyFromEnvironment` | `boolean` -| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). +| proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyUrl` | `string` -| `proxyURL` defines the HTTP proxy server to use. +| proxyUrl defines the HTTP proxy server to use. | `scopes` | `array (string)` -| `scopes` defines the OAuth2 scopes used for the token request. +| scopes defines the OAuth2 scopes used for the token request. | `tlsConfig` | `object` -| TLS configuration to use when connecting to the OAuth2 server. +| tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. It requires Prometheus >= v2.43.0. | `tokenUrl` | `string` -| `tokenURL` configures the URL to fetch the token from. +| tokenUrl defines the URL to fetch the token from. |=== === .spec.endpoints[].oauth2.clientId Description:: + -- -`clientId` specifies a key of a Secret or ConfigMap containing the +clientId defines a key of a Secret or ConfigMap containing the OAuth2 client's ID. -- @@ -878,18 +886,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.endpoints[].oauth2.clientId.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: 
@@ -925,7 +933,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -961,7 +969,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`clientSecret` specifies a key of a Secret containing the OAuth2 +clientSecret defines a key of a Secret containing the OAuth2 client's secret. -- @@ -998,7 +1006,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -ProxyConnectHeader optionally specifies headers to send to +proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -1063,7 +1071,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -TLS configuration to use when connecting to the OAuth2 server. +tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. It requires Prometheus >= v2.43.0. -- 
@@ -1079,42 +1087,42 @@ Type:: | `ca` | `object` -| Certificate authority used when verifying server certificates. +| ca defines the Certificate authority used when verifying server certificates. | `cert` | `object` -| Client certificate to present when doing client-authentication. +| cert defines the Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` -| Disable target certificate validation. +| insecureSkipVerify defines how to disable target certificate validation. | `keySecret` | `object` -| Secret containing the client key file for the targets. +| keySecret defines the Secret containing the client key file for the targets. | `maxVersion` | `string` -| Maximum acceptable TLS version. +| maxVersion defines the maximum acceptable TLS version. It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. | `minVersion` | `string` -| Minimum acceptable TLS version. +| minVersion defines the minimum acceptable TLS version. It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. | `serverName` | `string` -| Used to verify the hostname for the targets. +| serverName is used to verify the hostname for the targets. |=== === .spec.endpoints[].oauth2.tlsConfig.ca Description:: + -- -Certificate authority used when verifying server certificates. +ca defines the Certificate authority used when verifying server certificates. -- Type:: @@ -1129,18 +1137,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.endpoints[].oauth2.tlsConfig.ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: 
@@ -1176,7 +1184,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -1212,7 +1220,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Client certificate to present when doing client-authentication. +cert defines the Client certificate to present when doing client-authentication. -- Type:: @@ -1227,18 +1235,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.endpoints[].oauth2.tlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -1274,7 +1282,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -1310,7 +1318,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the client key file for the targets. +keySecret defines the Secret containing the client key file for the targets. -- Type:: @@ -1359,7 +1367,7 @@ Type:: Description:: + -- -ProxyConnectHeader optionally specifies headers to send to +proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. 
@@ -1424,12 +1432,12 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`relabelings` configures the relabeling rules to apply the target's +relabelings defines the relabeling rules to apply the target's metadata labels. The Operator automatically adds relabelings for a few standard Kubernetes fields. -The original scrape job's name is available via the `\__tmp_prometheus_job_name` label. +The original scrape job's name is available via the `__tmp_prometheus_job_name` label. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config -- @@ -1462,7 +1470,7 @@ Type:: | `action` | `string` -| Action to perform based on the regex matching. +| action to perform based on the regex matching. `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. 
@@ -1471,34 +1479,34 @@ Default: "Replace" | `modulus` | `integer` -| Modulus to take of the hash of the source label values. +| modulus to take of the hash of the source label values. Only applicable when the action is `HashMod`. | `regex` | `string` -| Regular expression against which the extracted value is matched. +| regex defines the regular expression against which the extracted value is matched. | `replacement` | `string` -| Replacement value against which a Replace action is performed if the +| replacement value against which a Replace action is performed if the regular expression matches. Regex capture groups are available. | `separator` | `string` -| Separator is the string between concatenated SourceLabels. +| separator defines the string between concatenated SourceLabels. | `sourceLabels` | `array (string)` -| The source labels select values from existing labels. Their content is +| sourceLabels defines the source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression. | `targetLabel` | `string` -| Label to which the resulting string is written in a replacement. +| targetLabel defines the label to which the resulting string is written in a replacement. It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. @@ -1510,7 +1518,7 @@ Regex capture groups are available. Description:: + -- -TLS configuration to use when scraping the target. +tlsConfig defines the TLS configuration to use when scraping the target. -- Type:: 
@@ -1525,54 +1533,54 @@ Type:: | `ca` | `object` -| Certificate authority used when verifying server certificates. +| ca defines the Certificate authority used when verifying server certificates. | `caFile` | `string` -| Path to the CA cert in the Prometheus container to use for the targets. +| caFile defines the path to the CA cert in the Prometheus container to use for the targets. | `cert` | `object` -| Client certificate to present when doing client-authentication. +| cert defines the Client certificate to present when doing client-authentication. | `certFile` | `string` -| Path to the client cert file in the Prometheus container for the targets. +| certFile defines the path to the client cert file in the Prometheus container for the targets. | `insecureSkipVerify` | `boolean` -| Disable target certificate validation. +| insecureSkipVerify defines how to disable target certificate validation. | `keyFile` | `string` -| Path to the client key file in the Prometheus container for the targets. +| keyFile defines the path to the client key file in the Prometheus container for the targets. | `keySecret` | `object` -| Secret containing the client key file for the targets. +| keySecret defines the Secret containing the client key file for the targets. | `maxVersion` | `string` -| Maximum acceptable TLS version. +| maxVersion defines the maximum acceptable TLS version. It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. | `minVersion` | `string` -| Minimum acceptable TLS version. +| minVersion defines the minimum acceptable TLS version. It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. | `serverName` | `string` -| Used to verify the hostname for the targets. +| serverName is used to verify the hostname for the targets. |=== === .spec.endpoints[].tlsConfig.ca Description:: + -- -Certificate authority used when verifying server certificates. +ca defines the Certificate authority used when verifying server certificates. -- Type:: 
@@ -1587,18 +1595,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.endpoints[].tlsConfig.ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -1634,7 +1642,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -1670,7 +1678,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Client certificate to present when doing client-authentication. +cert defines the Client certificate to present when doing client-authentication. -- Type:: @@ -1685,18 +1693,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.endpoints[].tlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -1732,7 +1740,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: 
@@ -1768,7 +1776,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the client key file for the targets. +keySecret defines the Secret containing the client key file for the targets. -- Type:: @@ -1804,7 +1812,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`namespaceSelector` defines in which namespace(s) Prometheus should discover the services. +namespaceSelector defines in which namespace(s) Prometheus should discover the services. By default, the services are discovered in the same namespace as the `ServiceMonitor` object but it is possible to select pods across different/all namespaces. -- @@ -1820,19 +1828,19 @@ Type:: | `any` | `boolean` -| Boolean describing whether all namespaces are selected in contrast to a +| any defines the boolean describing whether all namespaces are selected in contrast to a list restricting them. | `matchNames` | `array (string)` -| List of namespace names to select from. +| matchNames defines the list of namespace names to select from. |=== === .spec.selector Description:: + -- -Label selector to select the Kubernetes `Endpoints` objects to scrape metrics from. +selector defines the label selector to select the Kubernetes `Endpoints` objects to scrape metrics from. -- Type:: @@ -1916,7 +1924,7 @@ merge patch. Description:: + -- -This Status subresource is under active development and is updated only when the +status defines the status subresource. It is under active development and is updated only when the "StatusForConfigurationResources" feature gate is enabled. Most recent observed status of the ServiceMonitor. Read-only. 
@@ -1936,7 +1944,7 @@ Type:: | `bindings` | `array` -| The list of workload resources (Prometheus or PrometheusAgent) which select the configuration resource. +| bindings defines the list of workload resources (Prometheus, PrometheusAgent, ThanosRuler or Alertmanager) which select the configuration resource. | `bindings[]` | `object` @@ -1947,7 +1955,7 @@ Type:: Description:: + -- -The list of workload resources (Prometheus or PrometheusAgent) which select the configuration resource. +bindings defines the list of workload resources (Prometheus, PrometheusAgent, ThanosRuler or Alertmanager) which select the configuration resource. -- Type:: 
@@ -1980,34 +1988,34 @@ Required:: | `conditions` | `array` -| The current state of the configuration resource when bound to the referenced Prometheus object. +| conditions defines the current state of the configuration resource when bound to the referenced Workload object. | `conditions[]` | `object` -| ConfigResourceCondition describes the status of configuration resources linked to Prometheus, PrometheusAgent, Alertmanager, or ThanosRuler. +| ConfigResourceCondition describes the status of configuration resources linked to Prometheus, PrometheusAgent, Alertmanager or ThanosRuler. | `group` | `string` -| The group of the referenced resource. +| group defines the group of the referenced resource. | `name` | `string` -| The name of the referenced object. +| name defines the name of the referenced object. | `namespace` | `string` -| The namespace of the referenced object. +| namespace defines the namespace of the referenced object. | `resource` | `string` -| The type of resource being referenced (e.g. Prometheus or PrometheusAgent). +| resource defines the type of resource being referenced (e.g. Prometheus, PrometheusAgent, ThanosRuler or Alertmanager). |=== === .status.bindings[].conditions Description:: + -- -The current state of the configuration resource when bound to the referenced Prometheus object. +conditions defines the current state of the configuration resource when bound to the referenced Workload object. -- Type:: @@ -2020,7 +2028,7 @@ Type:: Description:: + -- -ConfigResourceCondition describes the status of configuration resources linked to Prometheus, PrometheusAgent, Alertmanager, or ThanosRuler. +ConfigResourceCondition describes the status of configuration resources linked to Prometheus, PrometheusAgent, Alertmanager or ThanosRuler. -- Type:: 
@@ -2039,30 +2047,30 @@ Required:: | `lastTransitionTime` | `string` -| LastTransitionTime is the time of the last update to the current status property. +| lastTransitionTime defines the time of the last update to the current status property. | `message` | `string` -| Human-readable message indicating details for the condition's last transition. +| message defines the human-readable message indicating details for the condition's last transition. | `observedGeneration` | `integer` -| ObservedGeneration represents the .metadata.generation that the +| observedGeneration defines the .metadata.generation that the condition was set based upon. For instance, if `.metadata.generation` is currently 12, but the `.status.conditions[].observedGeneration` is 9, the condition is out of date with respect to the current state of the object. | `reason` | `string` -| Reason for the condition's last transition. +| reason for the condition's last transition. | `status` | `string` -| Status of the condition. +| status of the condition. | `type` | `string` -| Type of the condition being reported. +| type of the condition being reported. Currently, only "Accepted" is supported. |=== @@ -2177,7 +2185,7 @@ Description:: | Parameter | Type | Description | `body` | xref:../monitoring_apis/servicemonitor-monitoring-coreos-com-v1.adoc#servicemonitor-monitoring-coreos-com-v1[`ServiceMonitor`] schema -| +| |=== .HTTP responses @@ -2310,7 +2318,7 @@ Description:: | Parameter | Type | Description | `body` | xref:../monitoring_apis/servicemonitor-monitoring-coreos-com-v1.adoc#servicemonitor-monitoring-coreos-com-v1[`ServiceMonitor`] schema -| +| |=== .HTTP responses diff --git a/rest_api/monitoring_apis/thanosruler-monitoring-coreos-com-v1.adoc b/rest_api/monitoring_apis/thanosruler-monitoring-coreos-com-v1.adoc index a418144977..339b4e8b44 100644 --- a/rest_api/monitoring_apis/thanosruler-monitoring-coreos-com-v1.adoc +++ b/rest_api/monitoring_apis/thanosruler-monitoring-coreos-com-v1.adoc 
@@ -45,12 +45,12 @@ Required:: | `spec` | `object` -| Specification of the desired behavior of the ThanosRuler cluster. More info: +| spec defines the specification of the desired behavior of the ThanosRuler cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | `status` | `object` -| Most recent observed status of the ThanosRuler cluster. Read-only. +| status defines the most recent observed status of the ThanosRuler cluster. Read-only. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status @@ -59,7 +59,7 @@ https://github.com/kubernetes/community/blob/master/contributors/devel/sig-archi Description:: + -- -Specification of the desired behavior of the ThanosRuler cluster. More info: +spec defines the specification of the desired behavior of the ThanosRuler cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status -- @@ -75,7 +75,7 @@ Type:: | `additionalArgs` | `array` -| AdditionalArgs allows setting additional arguments for the ThanosRuler container. +| additionalArgs defines how to add additional arguments for the ThanosRuler container. It is intended for e.g. activating hidden flags which are not supported by the dedicated configuration options yet. The arguments are passed as-is to the ThanosRuler container which may cause issues if they are invalid or not supported 
@@ -90,24 +90,24 @@ fail and an error will be logged. | `affinity` | `object` -| If specified, the pod's scheduling constraints. +| affinity defines when specified, the pod's scheduling constraints. | `alertDropLabels` | `array (string)` -| Configures the label names which should be dropped in Thanos Ruler +| alertDropLabels defines the label names which should be dropped in Thanos Ruler alerts. The replica label `thanos_ruler_replica` will always be dropped from the alerts. | `alertQueryUrl` | `string` -| The external Query URL the Thanos Ruler will set in the 'Source' field +| alertQueryUrl defines how Thanos Ruler will set in the 'Source' field of all alerts. Maps to the '--alert.query-url' CLI arg. | `alertRelabelConfigFile` | `string` -| Configures the path to the alert relabeling configuration file. +| alertRelabelConfigFile defines the path to the alert relabeling configuration file. Alert relabel configuration must have the form as specified in the official Prometheus documentation: @@ -119,7 +119,7 @@ This field takes precedence over `alertRelabelConfig`. | `alertRelabelConfigs` | `object` -| Configures alert relabeling in Thanos Ruler. +| alertRelabelConfigs defines the alert relabeling in Thanos Ruler. Alert relabel configuration must have the form as specified in the official Prometheus documentation: @@ -131,7 +131,7 @@ The operator performs no validation of the configuration. | `alertmanagersConfig` | `object` -| Configures the list of Alertmanager endpoints to send alerts to. +| alertmanagersConfig defines the list of Alertmanager endpoints to send alerts to. The configuration format is defined at https://thanos.io/tip/components/rule.md/#alertmanager. 
@@ -143,7 +143,7 @@ This field takes precedence over `alertmanagersUrl`. | `alertmanagersUrl` | `array (string)` -| Configures the list of Alertmanager endpoints to send alerts to. +| alertmanagersUrl defines the list of Alertmanager endpoints to send alerts to. For Thanos >= v0.10.0, it is recommended to use `alertmanagersConfig` instead. @@ -151,7 +151,7 @@ For Thanos >= v0.10.0, it is recommended to use `alertmanagersConfig` instead. | `containers` | `array` -| Containers allows injecting additional containers or modifying operator generated +| containers allows injecting additional containers or modifying operator generated containers. This can be used to allow adding an authentication proxy to a ThanosRuler pod or to change the behavior of an operator generated container. Containers described here modify an operator generated container if they share the same name and modifications are done via a @@ -165,15 +165,15 @@ so, you accept that this behaviour may break at any time without notice. | `dnsConfig` | `object` -| Defines the DNS configuration for the pods. +| dnsConfig defines Defines the DNS configuration for the pods. | `dnsPolicy` | `string` -| Defines the DNS policy for the pods. +| dnsPolicy defines the DNS policy for the pods. | `enableFeatures` | `array (string)` -| Enable access to Thanos Ruler feature flags. By default, no features are enabled. +| enableFeatures defines how to setup Thanos Ruler feature flags. By default, no features are enabled. Enabling features which are disabled by default is entirely outside the scope of what the maintainers will support and by doing so, you accept 
@@ -185,21 +185,21 @@ It requires Thanos >= 0.39.0. | `enableServiceLinks` | `boolean` -| Indicates whether information about services should be injected into pod's environment variables +| enableServiceLinks defines whether information about services should be injected into pod's environment variables | `enforcedNamespaceLabel` | `string` -| EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert +| enforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created. The label value will always be the namespace of the object that is being created. | `evaluationInterval` | `string` -| Interval between consecutive evaluations. +| evaluationInterval defines the interval between consecutive evaluations. | `excludedFromEnforcement` | `array` -| List of references to PrometheusRule objects +| excludedFromEnforcement defines the list of references to PrometheusRule objects to be excluded from enforcing a namespace label of origin. Applies only if enforcedNamespaceLabel set to true. @@ -209,20 +209,20 @@ Applies only if enforcedNamespaceLabel set to true. | `externalPrefix` | `string` -| The external URL the Thanos Ruler instances will be available under. This is +| externalPrefix defines the Thanos Ruler instances will be available under. This is necessary to generate correct URLs. This is necessary if Thanos Ruler is not served from root of a DNS name. | `grpcServerTlsConfig` | `object` -| GRPCServerTLSConfig configures the gRPC server from which Thanos Querier reads +| grpcServerTlsConfig defines the gRPC server from which Thanos Querier reads recorded rule data. Note: Currently only the CAFile, CertFile, and KeyFile fields are supported. Maps to the '--grpc-server-tls-*' CLI args. | `hostAliases` | `array` -| Pods' hostAliases configuration +| hostAliases defines pods' hostAliases configuration | `hostAliases[]` | `object` 
@@ -231,7 +231,7 @@ pod's hosts file. | `hostUsers` | `boolean` -| HostUsers supports the user space in Kubernetes. +| hostUsers supports the user space in Kubernetes. More info: https://kubernetes.io/docs/tasks/configure-pod-container/user-namespaces/ @@ -240,16 +240,16 @@ Starting Kubernetes 1.33, the feature is enabled by default. | `image` | `string` -| Thanos container image URL. +| image defines Thanos container image URL. | `imagePullPolicy` | `string` -| Image pull policy for the 'thanos', 'init-config-reloader' and 'config-reloader' containers. +| imagePullPolicy defines for the 'thanos', 'init-config-reloader' and 'config-reloader' containers. See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details. | `imagePullSecrets` | `array` -| An optional list of references to secrets in the same namespace +| imagePullSecrets defines an optional list of references to secrets in the same namespace to use for pulling thanos images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod @@ -260,7 +260,7 @@ referenced object inside the same namespace. | `initContainers` | `array` -| InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. +| initContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the ThanosRuler configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ 
@@ -274,40 +274,38 @@ at any time without notice. | `labels` | `object (string)` -| Configures the external label pairs of the ThanosRuler resource. +| labels defines the external label pairs of the ThanosRuler resource. A default replica label `thanos_ruler_replica` will be always added as a label with the value of the pod's name. | `listenLocal` | `boolean` -| ListenLocal makes the Thanos ruler listen on loopback, so that it +| listenLocal defines the Thanos ruler listen on loopback, so that it does not bind against the Pod IP. | `logFormat` | `string` -| Log format for ThanosRuler to be configured with. +| logFormat for ThanosRuler to be configured with. | `logLevel` | `string` -| Log level for ThanosRuler to be configured with. +| logLevel for ThanosRuler to be configured with. | `minReadySeconds` | `integer` -| Minimum number of seconds for which a newly created pod should be ready +| minReadySeconds defines the minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to be considered available. If unset, pods will be considered available as soon as they are ready. | `nodeSelector` | `object (string)` -| Define which Nodes the Pods are scheduled on. +| nodeSelector defines which Nodes the Pods are scheduled on. | `objectStorageConfig` | `object` -| Configures object storage. - -The configuration format is defined at https://thanos.io/tip/thanos/storage.md/#configuring-access-to-object-storage +| objectStorageConfig defines the configuration format is defined at https://thanos.io/tip/thanos/storage.md/#configuring-access-to-object-storage The operator performs no validation of the configuration. 
@@ -315,7 +313,7 @@ The operator performs no validation of the configuration. | `objectStorageConfigFile` | `string` -| Configures the path of the object storage configuration file. +| objectStorageConfigFile defines the path of the object storage configuration file. The configuration format is defined at https://thanos.io/tip/thanos/storage.md/#configuring-access-to-object-storage @@ -325,12 +323,12 @@ This field takes precedence over `objectStorageConfig`. | `paused` | `boolean` -| When a ThanosRuler deployment is paused, no actions except for deletion +| paused defines when a ThanosRuler deployment is paused, no actions except for deletion will be performed on the underlying objects. | `podMetadata` | `object` -| PodMetadata configures labels and annotations which are propagated to the ThanosRuler pods. +| podMetadata defines labels and annotations which are propagated to the ThanosRuler pods. The following items are reserved and cannot be overridden: * "app.kubernetes.io/name" label, set to "thanos-ruler". @@ -341,16 +339,16 @@ The following items are reserved and cannot be overridden: | `portName` | `string` -| Port name used for the pods and governing service. +| portName defines the port name used for the pods and governing service. Defaults to `web`. | `priorityClassName` | `string` -| Priority class assigned to the Pods +| priorityClassName defines the priority class assigned to the Pods | `prometheusRulesExcludedFromEnforce` | `array` -| PrometheusRulesExcludedFromEnforce - list of Prometheus rules to be excluded from enforcing +| prometheusRulesExcludedFromEnforce defines a list of Prometheus rules to be excluded from enforcing of adding namespace labels. Works only if enforcedNamespaceLabel set to true. Make sure both ruleNamespace and ruleName are set for each pair Deprecated: use excludedFromEnforcement instead. 
@@ -363,7 +361,7 @@ namespace label for alerts and metrics. | `queryConfig` | `object` -| Configures the list of Thanos Query endpoints from which to query metrics. +| queryConfig defines the list of Thanos Query endpoints from which to query metrics. The configuration format is defined at https://thanos.io/tip/components/rule.md/#query-api @@ -375,7 +373,7 @@ This field takes precedence over `queryEndpoints`. | `queryEndpoints` | `array (string)` -| Configures the list of Thanos Query endpoints from which to query metrics. +| queryEndpoints defines the list of Thanos Query endpoints from which to query metrics. For Thanos >= v0.11.0, it is recommended to use `queryConfig` instead. @@ -383,7 +381,7 @@ For Thanos >= v0.11.0, it is recommended to use `queryConfig` instead. | `remoteWrite` | `array` -| Defines the list of remote write configurations. +| remoteWrite defines the list of remote write configurations. When the list isn't empty, the ruler is configured with stateless mode. @@ -396,20 +394,20 @@ to a remote endpoint. | `replicas` | `integer` -| Number of thanos ruler instances to deploy. +| replicas defines the number of thanos ruler instances to deploy. | `resendDelay` | `string` -| Minimum amount of time to wait before resending an alert to Alertmanager. +| resendDelay defines the minimum amount of time to wait before resending an alert to Alertmanager. | `resources` | `object` -| Resources defines the resource requirements for single Pods. +| resources defines the resource requirements for single Pods. If not provided, no requests/limits will be set | `retention` | `string` -| Time duration ThanosRuler shall retain data for. Default is '24h', and +| retention defines the time duration ThanosRuler shall retain data for. Default is '24h', and must match the regular expression `[0-9]+(ms\|s\|m\|h\|d\|w\|y)` (milliseconds seconds minutes hours days weeks years). 
@@ -418,53 +416,53 @@ operates in stateless mode. | `routePrefix` | `string` -| The route prefix ThanosRuler registers HTTP handlers for. This allows thanos UI to be served on a sub-path. +| routePrefix defines the route prefix ThanosRuler registers HTTP handlers for. This allows thanos UI to be served on a sub-path. | `ruleConcurrentEval` | `integer` -| How many rules can be evaluated concurrently. +| ruleConcurrentEval defines how many rules can be evaluated concurrently. It requires Thanos >= v0.37.0. | `ruleGracePeriod` | `string` -| Minimum duration between alert and restored "for" state. +| ruleGracePeriod defines the minimum duration between alert and restored "for" state. This is maintained only for alerts with configured "for" time greater than grace period. It requires Thanos >= v0.30.0. | `ruleNamespaceSelector` | `object` -| Namespaces to be selected for Rules discovery. If unspecified, only +| ruleNamespaceSelector defines the namespaces to be selected for Rules discovery. If unspecified, only the same namespace as the ThanosRuler object is in is used. | `ruleOutageTolerance` | `string` -| Max time to tolerate prometheus outage for restoring "for" state of alert. +| ruleOutageTolerance defines the max time to tolerate prometheus outage for restoring "for" state of alert. It requires Thanos >= v0.30.0. | `ruleQueryOffset` | `string` -| The default rule group's query offset duration to use. +| ruleQueryOffset defines the default rule group's query offset duration to use. It requires Thanos >= v0.38.0. | `ruleSelector` | `object` -| PrometheusRule objects to be selected for rule evaluation. An empty +| ruleSelector defines the PrometheusRule objects to be selected for rule evaluation. An empty label selector matches all objects. A null label selector matches no objects. | `securityContext` | `object` -| SecurityContext holds pod-level security attributes and common container settings. 
+| securityContext defines the pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. | `serviceAccountName` | `string` -| ServiceAccountName is the name of the ServiceAccount to use to run the +| serviceAccountName defines the name of the ServiceAccount to use to run the Thanos Ruler Pods. | `serviceName` | `string` -| The name of the service name used by the underlying StatefulSet(s) as the governing service. +| serviceName defines the name of the service name used by the underlying StatefulSet(s) as the governing service. If defined, the Service must be created before the ThanosRuler resource in the same namespace and it must define a selector that matches the pod labels. If empty, the operator will create and manage a headless service named `thanos-ruler-operated` for ThanosRuler resources. When deploying multiple ThanosRuler resources in the same namespace, it is recommended to specify a different value for each. @@ -472,11 +470,11 @@ See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stabl | `storage` | `object` -| Storage spec to specify how storage shall be used. +| storage defines the specification of how storage shall be used. | `terminationGracePeriodSeconds` | `integer` -| Optional duration in seconds the pod needs to terminate gracefully. +| terminationGracePeriodSeconds defines the optional duration in seconds the pod needs to terminate gracefully. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down) which may lead to data corruption. @@ -484,7 +482,7 @@ Defaults to 120 seconds. | `tolerations` | `array` -| If specified, the pod's tolerations. +| tolerations defines when specified, the pod's tolerations. | `tolerations[]` | `object` 
@@ -493,7 +491,7 @@ the triple using the matching operator . | `topologySpreadConstraints` | `array` -| If specified, the pod's topology spread constraints. +| topologySpreadConstraints defines the pod's topology spread constraints. | `topologySpreadConstraints[]` | `object` @@ -501,7 +499,7 @@ the triple using the matching operator . | `tracingConfig` | `object` -| Configures tracing. +| tracingConfig defines the tracing configuration. The configuration format is defined at https://thanos.io/tip/thanos/tracing.md/#configuration @@ -514,7 +512,7 @@ The operator performs no validation of the configuration. | `tracingConfigFile` | `string` -| Configures the path of the tracing configuration file. +| tracingConfigFile defines the path of the tracing configuration file. The configuration format is defined at https://thanos.io/tip/thanos/tracing.md/#configuration @@ -527,11 +525,11 @@ This field takes precedence over `tracingConfig`. | `version` | `string` -| Version of Thanos to be deployed. +| version of Thanos to be deployed. | `volumeMounts` | `array` -| VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. +| volumeMounts defines how the configuration of additional VolumeMounts on the output StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the ruler container, that are generated as a result of StorageSpec objects. @@ -541,7 +539,7 @@ that are generated as a result of StorageSpec objects. | `volumes` | `array` -| Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will +| volumes defines how configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. | `volumes[]` 
@@ -550,14 +548,14 @@ be appended to other volumes that are generated as a result of StorageSpec objec | `web` | `object` -| Defines the configuration of the ThanosRuler web server. +| web defines the configuration of the ThanosRuler web server. |=== === .spec.additionalArgs Description:: + -- -AdditionalArgs allows setting additional arguments for the ThanosRuler container. +additionalArgs defines how to add additional arguments for the ThanosRuler container. It is intended for e.g. activating hidden flags which are not supported by the dedicated configuration options yet. The arguments are passed as-is to the ThanosRuler container which may cause issues if they are invalid or not supported @@ -594,18 +592,18 @@ Required:: | `name` | `string` -| Name of the argument, e.g. "scrape.discovery-reload-interval". +| name of the argument, e.g. "scrape.discovery-reload-interval". | `value` | `string` -| Argument value, e.g. 30s. Can be empty for name-only arguments (e.g. --storage.tsdb.no-lockfile) +| value defines the argument value, e.g. 30s. Can be empty for name-only arguments (e.g. --storage.tsdb.no-lockfile) |=== === .spec.affinity Description:: + -- -If specified, the pod's scheduling constraints. +affinity defines when specified, the pod's scheduling constraints. -- Type:: 
@@ -1693,8 +1691,8 @@ a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), -compute a sum by iterating through the elements of this field and adding -"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the +compute a sum by iterating through the elements of this field and subtracting +"weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. | `preferredDuringSchedulingIgnoredDuringExecution[]` @@ -1731,8 +1729,8 @@ a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), -compute a sum by iterating through the elements of this field and adding -"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the +compute a sum by iterating through the elements of this field and subtracting +"weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. -- @@ -2286,7 +2284,7 @@ merge patch. Description:: + -- -Configures alert relabeling in Thanos Ruler. +alertRelabelConfigs defines the alert relabeling in Thanos Ruler. Alert relabel configuration must have the form as specified in the official Prometheus documentation: 
@@ -2330,7 +2328,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Configures the list of Alertmanager endpoints to send alerts to. +alertmanagersConfig defines the list of Alertmanager endpoints to send alerts to. The configuration format is defined at https://thanos.io/tip/components/rule.md/#alertmanager. @@ -2374,7 +2372,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Containers allows injecting additional containers or modifying operator generated +containers allows injecting additional containers or modifying operator generated containers. This can be used to allow adding an authentication proxy to a ThanosRuler pod or to change the behavior of an operator generated container. Containers described here modify an operator generated container if they share the same name and modifications are done via a @@ -2442,8 +2440,8 @@ Cannot be updated. | `envFrom` | `array` | List of sources to populate environment variables in the container. -The keys defined within a source must be a C_IDENTIFIER. All invalid keys -will be reported as an event when the container is starting. When a key exists in multiple +The keys defined within a source may consist of any printable ASCII characters except '='. +When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. 
@@ -2523,10 +2521,10 @@ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-co | `restartPolicy` | `string` | RestartPolicy defines the restart behavior of individual containers in a pod. -This field may only be set for init containers, and the only allowed value is "Always". -For non-init containers or when this field is not specified, +This overrides the pod-level restart policy. When this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. -Setting the RestartPolicy as "Always" for the init container will have the following effect: +Additionally, setting the RestartPolicy as "Always" for the init container will +have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" @@ -2538,6 +2536,24 @@ container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed. +| `restartPolicyRules` +| `array` +| Represents a list of rules to be checked to determine if the +container should be restarted on exit. The rules are evaluated in +order. Once a rule matches a container exit condition, the remaining +rules are ignored. If no rule matches the container exit condition, +the Container-level restart policy determines the whether the container +is restarted or not. Constraints on the rules: +- At most 20 rules are allowed. +- Rules can have the same action. +- Identical rules are not forbidden in validations. +When rules are specified, container MUST set RestartPolicy explicitly +even it if matches the Pod's RestartPolicy. + +| `restartPolicyRules[]` +| `object` +| ContainerRestartRule describes how a container exit is handled. + | `securityContext` | `object` | SecurityContext defines the security options the container should be run with. 
@@ -2655,7 +2671,8 @@ Required:: | `name` | `string` -| Name of the environment variable. Must be a C_IDENTIFIER. +| Name of the environment variable. +May consist of any printable ASCII characters except '='. | `value` | `string` @@ -2700,6 +2717,11 @@ Type:: | Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +| `fileKeyRef` +| `object` +| FileKeyRef selects a key of the env file. +Requires the EnvFiles feature gate to be enabled. + | `resourceFieldRef` | `object` | Selects a resource of the container: only resources limits and requests 
@@ -2774,6 +2796,54 @@ Required:: | `string` | Path of the field to select in the specified API version. +|=== +=== .spec.containers[].env[].valueFrom.fileKeyRef +Description:: ++ +-- +FileKeyRef selects a key of the env file. +Requires the EnvFiles feature gate to be enabled. +-- + +Type:: + `object` + +Required:: + - `key` + - `path` + - `volumeName` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `key` +| `string` +| The key within the env file. An invalid key will prevent the pod from starting. +The keys defined within a source may consist of any printable ASCII characters except '='. +During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + +| `optional` +| `boolean` +| Specify whether the file or its key must be defined. If the file or key +does not exist, then the env var is not published. +If optional is set to true and the specified key does not exist, +the environment variable will not be set in the Pod's containers. + +If optional is set to false and the specified key does not exist, +an error will be returned during Pod creation. + +| `path` +| `string` +| The path within the volume from which to select the file. +Must be relative and may not contain the '..' path or start with '..'. + +| `volumeName` +| `string` +| The name of the volume mount containing the env file. + |=== === .spec.containers[].env[].valueFrom.resourceFieldRef Description:: 
@@ -2849,8 +2919,8 @@ Description:: + -- List of sources to populate environment variables in the container. -The keys defined within a source must be a C_IDENTIFIER. All invalid keys -will be reported as an event when the container is starting. When a key exists in multiple +The keys defined within a source may consist of any printable ASCII characters except '='. +When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. @@ -2885,7 +2955,8 @@ Type:: | `prefix` | `string` -| Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER. +| Optional text to prepend to the name of each environment variable. +May consist of any printable ASCII characters except '='. | `secretRef` | `object` @@ -4067,7 +4138,7 @@ Type:: | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -4096,7 +4167,7 @@ Description:: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. 
@@ -4139,6 +4210,93 @@ inside a container. If empty, everything from the claim is made available, otherwise only the result of this request. +|=== +=== .spec.containers[].restartPolicyRules +Description:: ++ +-- +Represents a list of rules to be checked to determine if the +container should be restarted on exit. The rules are evaluated in +order. Once a rule matches a container exit condition, the remaining +rules are ignored. If no rule matches the container exit condition, +the Container-level restart policy determines the whether the container +is restarted or not. Constraints on the rules: +- At most 20 rules are allowed. +- Rules can have the same action. +- Identical rules are not forbidden in validations. +When rules are specified, container MUST set RestartPolicy explicitly +even it if matches the Pod's RestartPolicy. +-- + +Type:: + `array` + + + + +=== .spec.containers[].restartPolicyRules[] +Description:: ++ +-- +ContainerRestartRule describes how a container exit is handled. +-- + +Type:: + `object` + +Required:: + - `action` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `action` +| `string` +| Specifies the action taken on a container exit if the requirements +are satisfied. The only possible value is "Restart" to restart the +container. + +| `exitCodes` +| `object` +| Represents the exit codes to check on container exits. + +|=== +=== .spec.containers[].restartPolicyRules[].exitCodes +Description:: ++ +-- +Represents the exit codes to check on container exits. +-- + +Type:: + `object` + +Required:: + - `operator` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `operator` +| `string` +| Represents the relationship between the container exit code(s) and the +specified values. Possible values are: +- In: the requirement is satisfied if the container exit code is in the + set of specified values. 
+- NotIn: the requirement is satisfied if the container exit code is + not in the set of specified values. + +| `values` +| `array (integer)` +| Specifies the set of values to check for container exit codes. +At most 255 elements are allowed. + |=== === .spec.containers[].securityContext Description:: @@ -4829,7 +4987,7 @@ SubPathExpr and SubPath are mutually exclusive. Description:: + -- -Defines the DNS configuration for the pods. +dnsConfig defines Defines the DNS configuration for the pods. -- Type:: @@ -4844,12 +5002,12 @@ Type:: | `nameservers` | `array (string)` -| A list of DNS name server IP addresses. +| nameservers defines the list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. | `options` | `array` -| A list of DNS resolver options. +| options defines the list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Resolution options given in Options will override those that appear in the base DNSPolicy. @@ -4860,7 +5018,7 @@ will override those that appear in the base DNSPolicy. | `searches` | `array (string)` -| A list of DNS search domains for host-name lookup. +| searches defines the list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. |=== @@ -4868,7 +5026,7 @@ This will be appended to the base search paths generated from DNSPolicy. Description:: + -- -A list of DNS resolver options. +options defines the list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Resolution options given in Options will override those that appear in the base DNSPolicy. 
@@ -4901,18 +5059,18 @@ Required:: | `name` | `string` -| Name is required and must be unique. +| name is required and must be unique. | `value` | `string` -| Value is optional. +| value is optional. |=== === .spec.excludedFromEnforcement Description:: + -- -List of references to PrometheusRule objects +excludedFromEnforcement defines the list of references to PrometheusRule objects to be excluded from enforcing a namespace label of origin. Applies only if enforcedNamespaceLabel set to true. -- @@ -4945,27 +5103,27 @@ Required:: | `group` | `string` -| Group of the referent. When not specified, it defaults to `monitoring.coreos.com` +| group of the referent. When not specified, it defaults to `monitoring.coreos.com` | `name` | `string` -| Name of the referent. When not set, all resources in the namespace are matched. +| name of the referent. When not set, all resources in the namespace are matched. | `namespace` | `string` -| Namespace of the referent. +| namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ | `resource` | `string` -| Resource of the referent. +| resource of the referent. |=== === .spec.grpcServerTlsConfig Description:: + -- -GRPCServerTLSConfig configures the gRPC server from which Thanos Querier reads +grpcServerTlsConfig defines the gRPC server from which Thanos Querier reads recorded rule data. Note: Currently only the CAFile, CertFile, and KeyFile fields are supported. Maps to the '--grpc-server-tls-*' CLI args. 
@@ -4983,54 +5141,54 @@ Type:: | `ca` | `object` -| Certificate authority used when verifying server certificates. +| ca defines the Certificate authority used when verifying server certificates. | `caFile` | `string` -| Path to the CA cert in the Prometheus container to use for the targets. +| caFile defines the path to the CA cert in the Prometheus container to use for the targets. | `cert` | `object` -| Client certificate to present when doing client-authentication. +| cert defines the Client certificate to present when doing client-authentication. | `certFile` | `string` -| Path to the client cert file in the Prometheus container for the targets. +| certFile defines the path to the client cert file in the Prometheus container for the targets. | `insecureSkipVerify` | `boolean` -| Disable target certificate validation. +| insecureSkipVerify defines how to disable target certificate validation. | `keyFile` | `string` -| Path to the client key file in the Prometheus container for the targets. +| keyFile defines the path to the client key file in the Prometheus container for the targets. | `keySecret` | `object` -| Secret containing the client key file for the targets. +| keySecret defines the Secret containing the client key file for the targets. | `maxVersion` | `string` -| Maximum acceptable TLS version. +| maxVersion defines the maximum acceptable TLS version. It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. | `minVersion` | `string` -| Minimum acceptable TLS version. +| minVersion defines the minimum acceptable TLS version. It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. | `serverName` | `string` -| Used to verify the hostname for the targets. +| serverName is used to verify the hostname for the targets. |=== === .spec.grpcServerTlsConfig.ca Description:: + -- -Certificate authority used when verifying server certificates. +ca defines the Certificate authority used when verifying server certificates. -- Type:: 
@@ -5045,18 +5203,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.grpcServerTlsConfig.ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -5092,7 +5250,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -5128,7 +5286,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Client certificate to present when doing client-authentication. +cert defines the Client certificate to present when doing client-authentication. -- Type:: @@ -5143,18 +5301,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.grpcServerTlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -5190,7 +5348,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: 
@@ -5226,7 +5384,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the client key file for the targets. +keySecret defines the Secret containing the client key file for the targets. -- Type:: @@ -5262,7 +5420,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Pods' hostAliases configuration +hostAliases defines pods' hostAliases configuration -- Type:: @@ -5294,18 +5452,18 @@ Required:: | `hostnames` | `array (string)` -| Hostnames for the above IP address. +| hostnames defines hostnames for the above IP address. | `ip` | `string` -| IP address of the host file entry. +| ip defines the IP address of the host file entry. |=== === .spec.imagePullSecrets Description:: + -- -An optional list of references to secrets in the same namespace +imagePullSecrets defines an optional list of references to secrets in the same namespace to use for pulling thanos images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod -- @@ -5347,7 +5505,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. +initContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the ThanosRuler configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ 
@@ -5415,8 +5573,8 @@ Cannot be updated. | `envFrom` | `array` | List of sources to populate environment variables in the container. -The keys defined within a source must be a C_IDENTIFIER. All invalid keys -will be reported as an event when the container is starting. When a key exists in multiple +The keys defined within a source may consist of any printable ASCII characters except '='. +When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. @@ -5496,10 +5654,10 @@ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-co | `restartPolicy` | `string` | RestartPolicy defines the restart behavior of individual containers in a pod. -This field may only be set for init containers, and the only allowed value is "Always". -For non-init containers or when this field is not specified, +This overrides the pod-level restart policy. When this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. -Setting the RestartPolicy as "Always" for the init container will have the following effect: +Additionally, setting the RestartPolicy as "Always" for the init container will +have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" 
@@ -5511,6 +5669,24 @@ container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed. +| `restartPolicyRules` +| `array` +| Represents a list of rules to be checked to determine if the +container should be restarted on exit. The rules are evaluated in +order. Once a rule matches a container exit condition, the remaining +rules are ignored. If no rule matches the container exit condition, +the Container-level restart policy determines the whether the container +is restarted or not. Constraints on the rules: +- At most 20 rules are allowed. +- Rules can have the same action. +- Identical rules are not forbidden in validations. +When rules are specified, container MUST set RestartPolicy explicitly +even it if matches the Pod's RestartPolicy. + +| `restartPolicyRules[]` +| `object` +| ContainerRestartRule describes how a container exit is handled. + | `securityContext` | `object` | SecurityContext defines the security options the container should be run with. @@ -5628,7 +5804,8 @@ Required:: | `name` | `string` -| Name of the environment variable. Must be a C_IDENTIFIER. +| Name of the environment variable. +May consist of any printable ASCII characters except '='. | `value` | `string` @@ -5673,6 +5850,11 @@ Type:: | Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +| `fileKeyRef` +| `object` +| FileKeyRef selects a key of the env file. +Requires the EnvFiles feature gate to be enabled. + | `resourceFieldRef` | `object` | Selects a resource of the container: only resources limits and requests 
@@ -5747,6 +5929,54 @@ Required:: | `string` | Path of the field to select in the specified API version. +|=== +=== .spec.initContainers[].env[].valueFrom.fileKeyRef +Description:: ++ +-- +FileKeyRef selects a key of the env file. +Requires the EnvFiles feature gate to be enabled. +-- + +Type:: + `object` + +Required:: + - `key` + - `path` + - `volumeName` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `key` +| `string` +| The key within the env file. An invalid key will prevent the pod from starting. +The keys defined within a source may consist of any printable ASCII characters except '='. +During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + +| `optional` +| `boolean` +| Specify whether the file or its key must be defined. If the file or key +does not exist, then the env var is not published. +If optional is set to true and the specified key does not exist, +the environment variable will not be set in the Pod's containers. + +If optional is set to false and the specified key does not exist, +an error will be returned during Pod creation. + +| `path` +| `string` +| The path within the volume from which to select the file. +Must be relative and may not contain the '..' path or start with '..'. + +| `volumeName` +| `string` +| The name of the volume mount containing the env file. + |=== === .spec.initContainers[].env[].valueFrom.resourceFieldRef Description:: 
@@ -5822,8 +6052,8 @@ Description:: + -- List of sources to populate environment variables in the container. -The keys defined within a source must be a C_IDENTIFIER. All invalid keys -will be reported as an event when the container is starting. When a key exists in multiple +The keys defined within a source may consist of any printable ASCII characters except '='. +When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. @@ -5858,7 +6088,8 @@ Type:: | `prefix` | `string` -| Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER. +| Optional text to prepend to the name of each environment variable. +May consist of any printable ASCII characters except '='. | `secretRef` | `object` @@ -7040,7 +7271,7 @@ Type:: | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -7069,7 +7300,7 @@ Description:: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. 
@@ -7112,6 +7343,93 @@ inside a container. If empty, everything from the claim is made available, otherwise only the result of this request. +|=== +=== .spec.initContainers[].restartPolicyRules +Description:: ++ +-- +Represents a list of rules to be checked to determine if the +container should be restarted on exit. The rules are evaluated in +order. Once a rule matches a container exit condition, the remaining +rules are ignored. If no rule matches the container exit condition, +the Container-level restart policy determines the whether the container +is restarted or not. Constraints on the rules: +- At most 20 rules are allowed. +- Rules can have the same action. +- Identical rules are not forbidden in validations. +When rules are specified, container MUST set RestartPolicy explicitly +even it if matches the Pod's RestartPolicy. +-- + +Type:: + `array` + + + + +=== .spec.initContainers[].restartPolicyRules[] +Description:: ++ +-- +ContainerRestartRule describes how a container exit is handled. +-- + +Type:: + `object` + +Required:: + - `action` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `action` +| `string` +| Specifies the action taken on a container exit if the requirements +are satisfied. The only possible value is "Restart" to restart the +container. + +| `exitCodes` +| `object` +| Represents the exit codes to check on container exits. + +|=== +=== .spec.initContainers[].restartPolicyRules[].exitCodes +Description:: ++ +-- +Represents the exit codes to check on container exits. +-- + +Type:: + `object` + +Required:: + - `operator` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `operator` +| `string` +| Represents the relationship between the container exit code(s) and the +specified values. Possible values are: +- In: the requirement is satisfied if the container exit code is in the + set of specified values. 
+- NotIn: the requirement is satisfied if the container exit code is + not in the set of specified values. + +| `values` +| `array (integer)` +| Specifies the set of values to check for container exit codes. +At most 255 elements are allowed. + |=== === .spec.initContainers[].securityContext Description:: @@ -7802,9 +8120,7 @@ SubPathExpr and SubPath are mutually exclusive. Description:: + -- -Configures object storage. - -The configuration format is defined at https://thanos.io/tip/thanos/storage.md/#configuring-access-to-object-storage +objectStorageConfig defines the configuration format is defined at https://thanos.io/tip/thanos/storage.md/#configuring-access-to-object-storage The operator performs no validation of the configuration. @@ -7844,7 +8160,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -PodMetadata configures labels and annotations which are propagated to the ThanosRuler pods. +podMetadata defines labels and annotations which are propagated to the ThanosRuler pods. The following items are reserved and cannot be overridden: * "app.kubernetes.io/name" label, set to "thanos-ruler". 
@@ -7866,21 +8182,21 @@ Type:: | `annotations` | `object (string)` -| Annotations is an unstructured key value map stored with a resource that may be +| annotations defines an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ | `labels` | `object (string)` -| Map of string keys and values that can be used to organize and categorize +| labels define the map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ | `name` | `string` -| Name must be unique within a namespace. Is required when creating resources, although +| name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. @@ -7892,7 +8208,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -PrometheusRulesExcludedFromEnforce - list of Prometheus rules to be excluded from enforcing +prometheusRulesExcludedFromEnforce defines a list of Prometheus rules to be excluded from enforcing of adding namespace labels. Works only if enforcedNamespaceLabel set to true. Make sure both ruleNamespace and ruleName are set for each pair Deprecated: use excludedFromEnforcement instead. 
@@ -7928,18 +8244,18 @@ Required:: | `ruleName` | `string` -| Name of the excluded PrometheusRule object. +| ruleName defines the name of the excluded PrometheusRule object. | `ruleNamespace` | `string` -| Namespace of the excluded PrometheusRule object. +| ruleNamespace defines the namespace of the excluded PrometheusRule object. |=== === .spec.queryConfig Description:: + -- -Configures the list of Thanos Query endpoints from which to query metrics. +queryConfig defines the list of Thanos Query endpoints from which to query metrics. The configuration format is defined at https://thanos.io/tip/components/rule.md/#query-api @@ -7983,7 +8299,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Defines the list of remote write configurations. +remoteWrite defines the list of remote write configurations. When the list isn't empty, the ruler is configured with stateless mode. @@ -8018,7 +8334,7 @@ Required:: | `authorization` | `object` -| Authorization section for the URL. +| authorization section for the URL. It requires Prometheus >= v2.26.0 or Thanos >= v0.24.0. @@ -8026,7 +8342,7 @@ Cannot be set at the same time as `sigv4`, `basicAuth`, `oauth2`, or `azureAd`. | `azureAd` | `object` -| AzureAD for the URL. +| azureAd for the URL. It requires Prometheus >= v2.45.0 or Thanos >= v0.31.0. 
@@ -8034,43 +8350,42 @@ Cannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `si | `basicAuth` | `object` -| BasicAuth configuration for the URL. +| basicAuth configuration for the URL. Cannot be set at the same time as `sigv4`, `authorization`, `oauth2`, or `azureAd`. | `bearerToken` | `string` -| *Warning: this field shouldn't be used because the token value appears +| bearerToken is deprecated: this will be removed in a future release. +*Warning: this field shouldn't be used because the token value appears in clear-text. Prefer using `authorization`.* -Deprecated: this will be removed in a future release. - | `bearerTokenFile` | `string` -| File from which to read bearer token for the URL. +| bearerTokenFile defines the file from which to read bearer token for the URL. Deprecated: this will be removed in a future release. Prefer using `authorization`. | `enableHTTP2` | `boolean` -| Whether to enable HTTP2. +| enableHTTP2 defines whether to enable HTTP2. | `followRedirects` | `boolean` -| Configure whether HTTP requests follow HTTP 3xx redirects. +| followRedirects defines whether HTTP requests follow HTTP 3xx redirects. It requires Prometheus >= v2.26.0 or Thanos >= v0.24.0. | `headers` | `object (string)` -| Custom HTTP headers to be sent along with each remote write request. +| headers defines the custom HTTP headers to be sent along with each remote write request. Be aware that headers that are set by Prometheus itself can't be overwritten. It requires Prometheus >= v2.25.0 or Thanos >= v0.24.0. | `messageVersion` | `string` -| The Remote Write message's version to use when writing to the endpoint. +| messageVersion defines the Remote Write message's version to use when writing to the endpoint. `Version1.0` corresponds to the `prometheus.WriteRequest` protobuf message introduced in Remote Write 1.0. `Version2.0` corresponds to the `io.prometheus.write.v2.Request` protobuf message introduced in Remote Write 2.0. 
@@ -8085,18 +8400,18 @@ It requires Prometheus >= v2.54.0 or Thanos >= v0.37.0. | `metadataConfig` | `object` -| MetadataConfig configures the sending of series metadata to the remote storage. +| metadataConfig defines how to send a series metadata to the remote storage. | `name` | `string` -| The name of the remote write queue, it must be unique if specified. The +| name of the remote write queue, it must be unique if specified. The name is used in metrics and logging in order to differentiate queues. It requires Prometheus >= v2.15.0 or Thanos >= 0.24.0. | `noProxy` | `string` -| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names +| noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. @@ -8104,7 +8419,7 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `oauth2` | `object` -| OAuth2 configuration for the URL. +| oauth2 configuration for the URL. It requires Prometheus >= v2.27.0 or Thanos >= v0.24.0. @@ -8112,7 +8427,7 @@ Cannot be set at the same time as `sigv4`, `authorization`, `basicAuth`, or `azu | `proxyConnectHeader` | `object` -| ProxyConnectHeader optionally specifies headers to send to +| proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. 
@@ -8127,40 +8442,42 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyFromEnvironment` | `boolean` -| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). +| proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyUrl` | `string` -| `proxyURL` defines the HTTP proxy server to use. +| proxyUrl defines the HTTP proxy server to use. | `queueConfig` | `object` -| QueueConfig allows tuning of the remote write queue parameters. +| queueConfig allows tuning of the remote write queue parameters. | `remoteTimeout` | `string` -| Timeout for requests to the remote write endpoint. +| remoteTimeout defines the timeout for requests to the remote write endpoint. | `roundRobinDNS` | `boolean` -| When enabled: - - The remote-write mechanism will resolve the hostname via DNS. - - It will randomly select one of the resolved IP addresses and connect to it. +| roundRobinDNS controls the DNS resolution behavior for remote-write connections. +When enabled: + - The remote-write mechanism will resolve the hostname via DNS. + - It will randomly select one of the resolved IP addresses and connect to it. When disabled (default behavior): - - The Go standard library will handle hostname resolution. - - It will attempt connections to each resolved IP address sequentially. + - The Go standard library will handle hostname resolution. + - It will attempt connections to each resolved IP address sequentially. Note: The connection timeout applies to the entire resolution and connection process. - If disabled, the timeout is distributed across all connection attempts. + + If disabled, the timeout is distributed across all connection attempts. It requires Prometheus >= v3.1.0 or Thanos >= v0.38.0. 
| `sendExemplars` | `boolean` -| Enables sending of exemplars over remote write. Note that +| sendExemplars enables sending of exemplars over remote write. Note that exemplar-storage itself must be enabled using the `spec.enableFeatures` option for exemplars to be scraped in the first place. @@ -8168,14 +8485,14 @@ It requires Prometheus >= v2.27.0 or Thanos >= v0.24.0. | `sendNativeHistograms` | `boolean` -| Enables sending of native histograms, also known as sparse histograms +| sendNativeHistograms enables sending of native histograms, also known as sparse histograms over remote write. It requires Prometheus >= v2.40.0 or Thanos >= v0.30.0. | `sigv4` | `object` -| Sigv4 allows to configures AWS's Signature Verification 4 for the URL. +| sigv4 defines the AWS's Signature Verification 4 for the URL. It requires Prometheus >= v2.26.0 or Thanos >= v0.24.0. @@ -8183,15 +8500,15 @@ Cannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `az | `tlsConfig` | `object` -| TLS Config to use for the URL. +| tlsConfig to use for the URL. | `url` | `string` -| The URL of the endpoint to send samples to. +| url defines the URL of the endpoint to send samples to. | `writeRelabelConfigs` | `array` -| The list of remote write relabel configurations. +| writeRelabelConfigs defines the list of remote write relabel configurations. | `writeRelabelConfigs[]` | `object` @@ -8205,7 +8522,7 @@ More info: https://prometheus.io/docs/prometheus/latest/configuration/configurat Description:: + -- -Authorization section for the URL. +authorization section for the URL. It requires Prometheus >= v2.26.0 or Thanos >= v0.24.0. 
@@ -8224,15 +8541,15 @@ Type:: | `credentials` | `object` -| Selects a key of a Secret in the namespace that contains the credentials for authentication. +| credentials defines a key of a Secret in the namespace that contains the credentials for authentication. | `credentialsFile` | `string` -| File to read a secret from, mutually exclusive with `credentials`. +| credentialsFile defines the file to read a secret from, mutually exclusive with `credentials`. | `type` | `string` -| Defines the authentication type. The value is case-insensitive. +| type defines the authentication type. The value is case-insensitive. "Basic" is not a supported value. @@ -8243,7 +8560,7 @@ Default: "Bearer" Description:: + -- -Selects a key of a Secret in the namespace that contains the credentials for authentication. +credentials defines a key of a Secret in the namespace that contains the credentials for authentication. -- Type:: @@ -8279,7 +8596,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -AzureAD for the URL. +azureAd for the URL. It requires Prometheus >= v2.45.0 or Thanos >= v0.31.0. 
@@ -8298,23 +8615,23 @@ Type:: | `cloud` | `string` -| The Azure Cloud. Options are 'AzurePublic', 'AzureChina', or 'AzureGovernment'. +| cloud defines the Azure Cloud. Options are 'AzurePublic', 'AzureChina', or 'AzureGovernment'. | `managedIdentity` | `object` -| ManagedIdentity defines the Azure User-assigned Managed identity. +| managedIdentity defines the Azure User-assigned Managed identity. Cannot be set at the same time as `oauth` or `sdk`. | `oauth` | `object` -| OAuth defines the oauth config that is being used to authenticate. +| oauth defines the oauth config that is being used to authenticate. Cannot be set at the same time as `managedIdentity` or `sdk`. It requires Prometheus >= v2.48.0 or Thanos >= v0.31.0. | `sdk` | `object` -| SDK defines the Azure SDK config that is being used to authenticate. +| sdk defines the Azure SDK config that is being used to authenticate. See https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication Cannot be set at the same time as `oauth` or `managedIdentity`. @@ -8325,7 +8642,7 @@ It requires Prometheus >= v2.52.0 or Thanos >= v0.36.0. Description:: + -- -ManagedIdentity defines the Azure User-assigned Managed identity. +managedIdentity defines the Azure User-assigned Managed identity. Cannot be set at the same time as `oauth` or `sdk`. -- @@ -8343,14 +8660,14 @@ Required:: | `clientId` | `string` -| The client id +| clientId defines defines the Azure User-assigned Managed identity. |=== === .spec.remoteWrite[].azureAd.oauth Description:: + -- -OAuth defines the oauth config that is being used to authenticate. +oauth defines the oauth config that is being used to authenticate. Cannot be set at the same time as `managedIdentity` or `sdk`. It requires Prometheus >= v2.48.0 or Thanos >= v0.31.0. 
@@ -8372,22 +8689,22 @@ Required:: | `clientId` | `string` -| `clientID` is the clientId of the Azure Active Directory application that is being used to authenticate. +| clientId defines the clientId of the Azure Active Directory application that is being used to authenticate. | `clientSecret` | `object` -| `clientSecret` specifies a key of a Secret containing the client secret of the Azure Active Directory application that is being used to authenticate. +| clientSecret specifies a key of a Secret containing the client secret of the Azure Active Directory application that is being used to authenticate. | `tenantId` | `string` -| `tenantId` is the tenant ID of the Azure Active Directory application that is being used to authenticate. +| tenantId is the tenant ID of the Azure Active Directory application that is being used to authenticate. |=== === .spec.remoteWrite[].azureAd.oauth.clientSecret Description:: + -- -`clientSecret` specifies a key of a Secret containing the client secret of the Azure Active Directory application that is being used to authenticate. +clientSecret specifies a key of a Secret containing the client secret of the Azure Active Directory application that is being used to authenticate. -- Type:: @@ -8423,7 +8740,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -SDK defines the Azure SDK config that is being used to authenticate. +sdk defines the Azure SDK config that is being used to authenticate. See https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication Cannot be set at the same time as `oauth` or `managedIdentity`. 
@@ -8442,14 +8759,14 @@ Type:: | `tenantId` | `string` -| `tenantId` is the tenant ID of the azure active directory application that is being used to authenticate. +| tenantId defines the tenant ID of the azure active directory application that is being used to authenticate. |=== === .spec.remoteWrite[].basicAuth Description:: + -- -BasicAuth configuration for the URL. +basicAuth configuration for the URL. Cannot be set at the same time as `sigv4`, `authorization`, `oauth2`, or `azureAd`. -- @@ -8466,12 +8783,12 @@ Type:: | `password` | `object` -| `password` specifies a key of a Secret containing the password for +| password defines a key of a Secret containing the password for authentication. | `username` | `object` -| `username` specifies a key of a Secret containing the username for +| username defines a key of a Secret containing the username for authentication. |=== @@ -8479,7 +8796,7 @@ authentication. Description:: + -- -`password` specifies a key of a Secret containing the password for +password defines a key of a Secret containing the password for authentication. -- @@ -8516,7 +8833,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`username` specifies a key of a Secret containing the username for +username defines a key of a Secret containing the username for authentication. -- @@ -8553,7 +8870,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -MetadataConfig configures the sending of series metadata to the remote storage. +metadataConfig defines how to send a series metadata to the remote storage. -- Type:: 
@@ -8568,24 +8885,24 @@ Type:: | `maxSamplesPerSend` | `integer` -| MaxSamplesPerSend is the maximum number of metadata samples per send. +| maxSamplesPerSend defines the maximum number of metadata samples per send. It requires Prometheus >= v2.29.0. | `send` | `boolean` -| Defines whether metric metadata is sent to the remote storage or not. +| send defines whether metric metadata is sent to the remote storage or not. | `sendInterval` | `string` -| Defines how frequently metric metadata is sent to the remote storage. +| sendInterval defines how frequently metric metadata is sent to the remote storage. |=== === .spec.remoteWrite[].oauth2 Description:: + -- -OAuth2 configuration for the URL. +oauth2 configuration for the URL. It requires Prometheus >= v2.27.0 or Thanos >= v0.24.0. @@ -8608,22 +8925,22 @@ Required:: | `clientId` | `object` -| `clientId` specifies a key of a Secret or ConfigMap containing the +| clientId defines a key of a Secret or ConfigMap containing the OAuth2 client's ID. | `clientSecret` | `object` -| `clientSecret` specifies a key of a Secret containing the OAuth2 +| clientSecret defines a key of a Secret containing the OAuth2 client's secret. | `endpointParams` | `object (string)` -| `endpointParams` configures the HTTP parameters to append to the token +| endpointParams configures the HTTP parameters to append to the token URL. | `noProxy` | `string` -| `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names +| noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. 
@@ -8631,7 +8948,7 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyConnectHeader` | `object` -| ProxyConnectHeader optionally specifies headers to send to +| proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -8646,33 +8963,33 @@ It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyFromEnvironment` | `boolean` -| Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). +| proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. | `proxyUrl` | `string` -| `proxyURL` defines the HTTP proxy server to use. +| proxyUrl defines the HTTP proxy server to use. | `scopes` | `array (string)` -| `scopes` defines the OAuth2 scopes used for the token request. +| scopes defines the OAuth2 scopes used for the token request. | `tlsConfig` | `object` -| TLS configuration to use when connecting to the OAuth2 server. +| tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. It requires Prometheus >= v2.43.0. | `tokenUrl` | `string` -| `tokenURL` configures the URL to fetch the token from. +| tokenUrl defines the URL to fetch the token from. |=== === .spec.remoteWrite[].oauth2.clientId Description:: + -- -`clientId` specifies a key of a Secret or ConfigMap containing the +clientId defines a key of a Secret or ConfigMap containing the OAuth2 client's ID. -- 
@@ -8688,18 +9005,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.remoteWrite[].oauth2.clientId.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -8735,7 +9052,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -8771,7 +9088,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -`clientSecret` specifies a key of a Secret containing the OAuth2 +clientSecret defines a key of a Secret containing the OAuth2 client's secret. -- @@ -8808,7 +9125,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -ProxyConnectHeader optionally specifies headers to send to +proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. @@ -8873,7 +9190,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -TLS configuration to use when connecting to the OAuth2 server. +tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server. It requires Prometheus >= v2.43.0. -- 
@@ -8889,42 +9206,42 @@ Type:: | `ca` | `object` -| Certificate authority used when verifying server certificates. +| ca defines the Certificate authority used when verifying server certificates. | `cert` | `object` -| Client certificate to present when doing client-authentication. +| cert defines the Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` -| Disable target certificate validation. +| insecureSkipVerify defines how to disable target certificate validation. | `keySecret` | `object` -| Secret containing the client key file for the targets. +| keySecret defines the Secret containing the client key file for the targets. | `maxVersion` | `string` -| Maximum acceptable TLS version. +| maxVersion defines the maximum acceptable TLS version. It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. | `minVersion` | `string` -| Minimum acceptable TLS version. +| minVersion defines the minimum acceptable TLS version. It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. | `serverName` | `string` -| Used to verify the hostname for the targets. +| serverName is used to verify the hostname for the targets. |=== === .spec.remoteWrite[].oauth2.tlsConfig.ca Description:: + -- -Certificate authority used when verifying server certificates. +ca defines the Certificate authority used when verifying server certificates. -- Type:: @@ -8939,18 +9256,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.remoteWrite[].oauth2.tlsConfig.ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: 
@@ -8986,7 +9303,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -9022,7 +9339,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Client certificate to present when doing client-authentication. +cert defines the Client certificate to present when doing client-authentication. -- Type:: @@ -9037,18 +9354,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.remoteWrite[].oauth2.tlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -9084,7 +9401,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -9120,7 +9437,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the client key file for the targets. +keySecret defines the Secret containing the client key file for the targets. -- Type:: @@ -9156,7 +9473,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -ProxyConnectHeader optionally specifies headers to send to +proxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0. 
@@ -9221,7 +9538,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -QueueConfig allows tuning of the remote write queue parameters. +queueConfig allows tuning of the remote write queue parameters. -- Type:: 
@@ -9236,47 +9553,47 @@ Type:: | `batchSendDeadline` | `string` -| BatchSendDeadline is the maximum time a sample will wait in buffer. +| batchSendDeadline defines the maximum time a sample will wait in buffer. | `capacity` | `integer` -| Capacity is the number of samples to buffer per shard before we start +| capacity defines the number of samples to buffer per shard before we start dropping them. | `maxBackoff` | `string` -| MaxBackoff is the maximum retry delay. +| maxBackoff defines the maximum retry delay. | `maxRetries` | `integer` -| MaxRetries is the maximum number of times to retry a batch on recoverable errors. +| maxRetries defines the maximum number of times to retry a batch on recoverable errors. | `maxSamplesPerSend` | `integer` -| MaxSamplesPerSend is the maximum number of samples per send. +| maxSamplesPerSend defines the maximum number of samples per send. | `maxShards` | `integer` -| MaxShards is the maximum number of shards, i.e. amount of concurrency. +| maxShards defines the maximum number of shards, i.e. amount of concurrency. | `minBackoff` | `string` -| MinBackoff is the initial retry delay. Gets doubled for every retry. +| minBackoff defines the initial retry delay. Gets doubled for every retry. | `minShards` | `integer` -| MinShards is the minimum number of shards, i.e. amount of concurrency. +| minShards defines the minimum number of shards, i.e. amount of concurrency. | `retryOnRateLimit` | `boolean` -| Retry upon receiving a 429 status code from the remote-write storage. +| retryOnRateLimit defines the retry upon receiving a 429 status code from the remote-write storage. This is an *experimental feature*, it may change in any upcoming release in a breaking way. | `sampleAgeLimit` | `string` -| SampleAgeLimit drops samples older than the limit. +| sampleAgeLimit drops samples older than the limit. It requires Prometheus >= v2.50.0 or Thanos >= v0.32.0. |=== 
@@ -9284,7 +9601,7 @@ It requires Prometheus >= v2.50.0 or Thanos >= v0.32.0. Description:: + -- -Sigv4 allows to configures AWS's Signature Verification 4 for the URL. +sigv4 defines the AWS's Signature Verification 4 for the URL. It requires Prometheus >= v2.26.0 or Thanos >= v0.24.0. @@ -9303,32 +9620,37 @@ Type:: | `accessKey` | `object` -| AccessKey is the AWS API key. If not specified, the environment variable +| accessKey defines the AWS API key. If not specified, the environment variable `AWS_ACCESS_KEY_ID` is used. | `profile` | `string` -| Profile is the named AWS profile used to authenticate. +| profile defines the named AWS profile used to authenticate. | `region` | `string` -| Region is the AWS region. If blank, the region from the default credentials chain used. +| region defines the AWS region. If blank, the region from the default credentials chain used. | `roleArn` | `string` -| RoleArn is the named AWS profile used to authenticate. +| roleArn defines the named AWS profile used to authenticate. | `secretKey` | `object` -| SecretKey is the AWS API secret. If not specified, the environment +| secretKey defines the AWS API secret. If not specified, the environment variable `AWS_SECRET_ACCESS_KEY` is used. +| `useFIPSSTSEndpoint` +| `boolean` +| useFIPSSTSEndpoint defines FIPS mode for AWS STS endpoint. +It requires Prometheus >= v2.54.0. + |=== === .spec.remoteWrite[].sigv4.accessKey Description:: + -- -AccessKey is the AWS API key. If not specified, the environment variable +accessKey defines the AWS API key. If not specified, the environment variable `AWS_ACCESS_KEY_ID` is used. -- @@ -9365,7 +9687,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -SecretKey is the AWS API secret. If not specified, the environment +secretKey defines the AWS API secret. If not specified, the environment variable `AWS_SECRET_ACCESS_KEY` is used. -- 
@@ -9402,7 +9724,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -TLS Config to use for the URL. +tlsConfig to use for the URL. -- Type:: 
@@ -9417,54 +9739,54 @@ Type:: | `ca` | `object` -| Certificate authority used when verifying server certificates. +| ca defines the Certificate authority used when verifying server certificates. | `caFile` | `string` -| Path to the CA cert in the Prometheus container to use for the targets. +| caFile defines the path to the CA cert in the Prometheus container to use for the targets. | `cert` | `object` -| Client certificate to present when doing client-authentication. +| cert defines the Client certificate to present when doing client-authentication. | `certFile` | `string` -| Path to the client cert file in the Prometheus container for the targets. +| certFile defines the path to the client cert file in the Prometheus container for the targets. | `insecureSkipVerify` | `boolean` -| Disable target certificate validation. +| insecureSkipVerify defines how to disable target certificate validation. | `keyFile` | `string` -| Path to the client key file in the Prometheus container for the targets. +| keyFile defines the path to the client key file in the Prometheus container for the targets. | `keySecret` | `object` -| Secret containing the client key file for the targets. +| keySecret defines the Secret containing the client key file for the targets. | `maxVersion` | `string` -| Maximum acceptable TLS version. +| maxVersion defines the maximum acceptable TLS version. It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0. | `minVersion` | `string` -| Minimum acceptable TLS version. +| minVersion defines the minimum acceptable TLS version. It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0. | `serverName` | `string` -| Used to verify the hostname for the targets. +| serverName is used to verify the hostname for the targets. |=== === .spec.remoteWrite[].tlsConfig.ca Description:: + -- -Certificate authority used when verifying server certificates. +ca defines the Certificate authority used when verifying server certificates. -- Type:: 
@@ -9479,18 +9801,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.remoteWrite[].tlsConfig.ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -9526,7 +9848,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -9562,7 +9884,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Client certificate to present when doing client-authentication. +cert defines the Client certificate to present when doing client-authentication. -- Type:: @@ -9577,18 +9899,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.remoteWrite[].tlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -9624,7 +9946,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: 
@@ -9660,7 +9982,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the client key file for the targets. +keySecret defines the Secret containing the client key file for the targets. -- Type:: @@ -9696,7 +10018,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -The list of remote write relabel configurations. +writeRelabelConfigs defines the list of remote write relabel configurations. -- Type:: @@ -9727,7 +10049,7 @@ Type:: | `action` | `string` -| Action to perform based on the regex matching. +| action to perform based on the regex matching. `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. 
@@ -9736,34 +10058,34 @@ Default: "Replace" | `modulus` | `integer` -| Modulus to take of the hash of the source label values. +| modulus to take of the hash of the source label values. Only applicable when the action is `HashMod`. | `regex` | `string` -| Regular expression against which the extracted value is matched. +| regex defines the regular expression against which the extracted value is matched. | `replacement` | `string` -| Replacement value against which a Replace action is performed if the +| replacement value against which a Replace action is performed if the regular expression matches. Regex capture groups are available. | `separator` | `string` -| Separator is the string between concatenated SourceLabels. +| separator defines the string between concatenated SourceLabels. | `sourceLabels` | `array (string)` -| The source labels select values from existing labels. Their content is +| sourceLabels defines the source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression. | `targetLabel` | `string` -| Label to which the resulting string is written in a replacement. +| targetLabel defines the label to which the resulting string is written in a replacement. It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. @@ -9775,7 +10097,7 @@ Regex capture groups are available. Description:: + -- -Resources defines the resource requirements for single Pods. +resources defines the resource requirements for single Pods. If not provided, no requests/limits will be set -- @@ -9794,7 +10116,7 @@ Type:: | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. 
@@ -9823,7 +10145,7 @@ Description:: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -9871,7 +10193,7 @@ only the result of this request. Description:: + -- -Namespaces to be selected for Rules discovery. If unspecified, only +ruleNamespaceSelector defines the namespaces to be selected for Rules discovery. If unspecified, only the same namespace as the ThanosRuler object is in is used. -- @@ -9956,7 +10278,7 @@ merge patch. Description:: + -- -PrometheusRule objects to be selected for rule evaluation. An empty +ruleSelector defines the PrometheusRule objects to be selected for rule evaluation. An empty label selector matches all objects. A null label selector matches no objects. -- @@ -10042,7 +10364,7 @@ merge patch. Description:: + -- -SecurityContext holds pod-level security attributes and common container settings. +securityContext defines the pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. -- @@ -10394,7 +10716,7 @@ PodSecurityContext, the value specified in SecurityContext takes precedence. Description:: + -- -Storage spec to specify how storage shall be used. +storage defines the specification of how storage shall be used. -- Type:: 
@@ -10409,24 +10731,24 @@ Type:: | `disableMountSubPath` | `boolean` -| Deprecated: subPath usage will be removed in a future release. +| disableMountSubPath deprecated: subPath usage will be removed in a future release. | `emptyDir` | `object` -| EmptyDirVolumeSource to be used by the StatefulSet. +| emptyDir to be used by the StatefulSet. If specified, it takes precedence over `ephemeral` and `volumeClaimTemplate`. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir | `ephemeral` | `object` -| EphemeralVolumeSource to be used by the StatefulSet. +| ephemeral to be used by the StatefulSet. This is a beta field in k8s 1.21 and GA in 1.15. For lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes | `volumeClaimTemplate` | `object` -| Defines the PVC spec to be used by the Prometheus StatefulSets. +| volumeClaimTemplate defines the PVC spec to be used by the Prometheus StatefulSets. The easiest way to use a volume that cannot be automatically provisioned is to use a label selector alongside manually created PersistentVolumes. @@ -10435,7 +10757,7 @@ is to use a label selector alongside manually created PersistentVolumes. Description:: + -- -EmptyDirVolumeSource to be used by the StatefulSet. +emptyDir to be used by the StatefulSet. If specified, it takes precedence over `ephemeral` and `volumeClaimTemplate`. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir -- 
@@ -10471,7 +10793,7 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir Description:: + -- -EphemeralVolumeSource to be used by the StatefulSet. +ephemeral to be used by the StatefulSet. This is a beta field in k8s 1.21 and GA in 1.15. For lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes @@ -10664,15 +10986,13 @@ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class- | volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, -it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass -will be applied to the claim but it's not allowed to reset this field to empty string once it is set. -If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass -will be set by the persistentvolume controller if it exists. +it can be changed after the claim is created. An empty string or nil value indicates that no +VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, +this field can be reset to its previous value (including nil) to cancel the modification. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ -(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). | `volumeMode` | `string` 
@@ -10911,7 +11231,7 @@ merge patch. Description:: + -- -Defines the PVC spec to be used by the Prometheus StatefulSets. +volumeClaimTemplate defines the PVC spec to be used by the Prometheus StatefulSets. The easiest way to use a volume that cannot be automatically provisioned is to use a label selector alongside manually created PersistentVolumes. -- @@ -10943,23 +11263,23 @@ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api- | `metadata` | `object` -| EmbeddedMetadata contains metadata relevant to an EmbeddedResource. +| metadata defines EmbeddedMetadata contains metadata relevant to an EmbeddedResource. | `spec` | `object` -| Defines the desired characteristics of a volume requested by a pod author. +| spec defines the specification of the characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims | `status` | `object` -| Deprecated: this field is never set. +| status is deprecated: this field is never set. |=== === .spec.storage.volumeClaimTemplate.metadata Description:: + -- -EmbeddedMetadata contains metadata relevant to an EmbeddedResource. +metadata defines EmbeddedMetadata contains metadata relevant to an EmbeddedResource. -- Type:: 
@@ -10974,21 +11294,21 @@ Type:: | `annotations` | `object (string)` -| Annotations is an unstructured key value map stored with a resource that may be +| annotations defines an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ | `labels` | `object (string)` -| Map of string keys and values that can be used to organize and categorize +| labels define the map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ | `name` | `string` -| Name must be unique within a namespace. Is required when creating resources, although +| name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. @@ -11000,7 +11320,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Defines the desired characteristics of a volume requested by a pod author. +spec defines the specification of the characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims -- 
@@ -11078,15 +11398,13 @@ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class- | volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, -it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass -will be applied to the claim but it's not allowed to reset this field to empty string once it is set. -If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass -will be set by the persistentvolume controller if it exists. +it can be changed after the claim is created. An empty string or nil value indicates that no +VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, +this field can be reset to its previous value (including nil) to cancel the modification. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ -(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). | `volumeMode` | `string` @@ -11325,7 +11643,7 @@ merge patch. Description:: + -- -Deprecated: this field is never set. +status is deprecated: this field is never set. -- Type:: 
@@ -11423,13 +11741,11 @@ resized then the Condition will be set to 'Resizing'. | `string` | currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim -This is a beta field and requires enabling VolumeAttributesClass feature (off by default). | `modifyVolumeStatus` | `object` | ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. -This is a beta field and requires enabling VolumeAttributesClass feature (off by default). | `phase` | `string` @@ -11506,7 +11822,6 @@ Description:: -- ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. -This is a beta field and requires enabling VolumeAttributesClass feature (off by default). -- Type:: @@ -11543,7 +11858,7 @@ Note: New statuses can be added in the future. Consumers should check for unknow Description:: + -- -If specified, the pod's tolerations. +tolerations defines when specified, the pod's tolerations. -- Type:: @@ -11604,7 +11919,7 @@ If the operator is Exists, the value should be empty, otherwise just a regular s Description:: + -- -If specified, the pod's topology spread constraints. +topologySpreadConstraints defines the pod's topology spread constraints. -- Type:: @@ -11839,7 +12154,7 @@ merge patch. Description:: + -- -Configures tracing. +tracingConfig defines the tracing configuration. The configuration format is defined at https://thanos.io/tip/thanos/tracing.md/#configuration 
@@ -11884,7 +12199,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. +volumeMounts defines how the configuration of additional VolumeMounts on the output StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the ruler container, that are generated as a result of StorageSpec objects. -- @@ -11974,7 +12289,7 @@ SubPathExpr and SubPath are mutually exclusive. Description:: + -- -Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will +volumes defines how configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. -- @@ -12113,7 +12428,6 @@ into the Pod's container. | `object` | glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. -More info: https://examples.k8s.io/volumes/glusterfs/README.md | `hostPath` | `object` @@ -12144,7 +12458,7 @@ The field spec.securityContext.fsGroupChangePolicy has no effect on this volume | `object` | iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. -More info: https://examples.k8s.io/volumes/iscsi/README.md +More info: https://kubernetes.io/docs/concepts/storage/volumes/#iscsi | `name` | `string` @@ -12188,7 +12502,6 @@ Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supp | `object` | rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. -More info: https://examples.k8s.io/volumes/rbd/README.md | `scaleIO` | `object` 
@@ -13095,15 +13408,13 @@ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class- | volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, -it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass -will be applied to the claim but it's not allowed to reset this field to empty string once it is set. -If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass -will be set by the persistentvolume controller if it exists. +it can be changed after the claim is created. An empty string or nil value indicates that no +VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, +this field can be reset to its previous value (including nil) to cancel the modification. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ -(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). | `volumeMode` | `string` @@ -13581,7 +13892,6 @@ Description:: -- glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. -More info: https://examples.k8s.io/volumes/glusterfs/README.md -- Type:: @@ -13600,7 +13910,6 @@ Required:: | `endpoints` | `string` | endpoints is the endpoint name that details Glusterfs topology. -More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod | `path` | `string` 
@@ -13704,7 +14013,7 @@ Description:: -- iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. -More info: https://examples.k8s.io/volumes/iscsi/README.md +More info: https://kubernetes.io/docs/concepts/storage/volumes/#iscsi -- Type:: 
@@ -14033,6 +14342,43 @@ may change the order over time. | `object` | downwardAPI information about the downwardAPI data to project +| `podCertificate` +| `object` +| Projects an auto-rotating credential bundle (private key and certificate +chain) that the pod can use either as a TLS client or server. + +Kubelet generates a private key and uses it to send a +PodCertificateRequest to the named signer. Once the signer approves the +request and issues a certificate chain, Kubelet writes the key and +certificate chain to the pod filesystem. The pod does not start until +certificates have been issued for each podCertificate projected volume +source in its spec. + +Kubelet will begin trying to rotate the certificate at the time indicated +by the signer using the PodCertificateRequest.Status.BeginRefreshAt +timestamp. + +Kubelet can write a single file, indicated by the credentialBundlePath +field, or separate files, indicated by the keyPath and +certificateChainPath fields. + +The credential bundle is a single file in PEM format. The first PEM +entry is the private key (in PKCS#8 format), and the remaining PEM +entries are the certificate chain issued by the signer (typically, +signers will return their certificate chain in leaf-to-root order). + +Prefer using the credential bundle format, since your application code +can read it atomically. If you use keyPath and certificateChainPath, +your application must make two separate file reads. If these coincide +with a certificate rotation, it is possible that the private key and leaf +certificate you read may not correspond to each other. Your application +will need to check for this condition, and re-read until they are +consistent. + +The named signer controls chooses the format of the certificate it +issues; consult the signer implementation's documentation to learn how to +use the certificates it issues. + | `secret` | `object` | secret information about the secret data to project 
@@ -14436,6 +14782,123 @@ Required:: | `string` | Required: resource to select +|=== +=== .spec.volumes[].projected.sources[].podCertificate +Description:: ++ +-- +Projects an auto-rotating credential bundle (private key and certificate +chain) that the pod can use either as a TLS client or server. + +Kubelet generates a private key and uses it to send a +PodCertificateRequest to the named signer. Once the signer approves the +request and issues a certificate chain, Kubelet writes the key and +certificate chain to the pod filesystem. The pod does not start until +certificates have been issued for each podCertificate projected volume +source in its spec. + +Kubelet will begin trying to rotate the certificate at the time indicated +by the signer using the PodCertificateRequest.Status.BeginRefreshAt +timestamp. + +Kubelet can write a single file, indicated by the credentialBundlePath +field, or separate files, indicated by the keyPath and +certificateChainPath fields. + +The credential bundle is a single file in PEM format. The first PEM +entry is the private key (in PKCS#8 format), and the remaining PEM +entries are the certificate chain issued by the signer (typically, +signers will return their certificate chain in leaf-to-root order). + +Prefer using the credential bundle format, since your application code +can read it atomically. If you use keyPath and certificateChainPath, +your application must make two separate file reads. If these coincide +with a certificate rotation, it is possible that the private key and leaf +certificate you read may not correspond to each other. Your application +will need to check for this condition, and re-read until they are +consistent. + +The named signer controls chooses the format of the certificate it +issues; consult the signer implementation's documentation to learn how to +use the certificates it issues. 
+-- + +Type:: + `object` + +Required:: + - `keyType` + - `signerName` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `certificateChainPath` +| `string` +| Write the certificate chain at this path in the projected volume. + +Most applications should use credentialBundlePath. When using keyPath +and certificateChainPath, your application needs to check that the key +and leaf certificate are consistent, because it is possible to read the +files mid-rotation. + +| `credentialBundlePath` +| `string` +| Write the credential bundle at this path in the projected volume. + +The credential bundle is a single file that contains multiple PEM blocks. +The first PEM block is a PRIVATE KEY block, containing a PKCS#8 private +key. + +The remaining blocks are CERTIFICATE blocks, containing the issued +certificate chain from the signer (leaf and any intermediates). + +Using credentialBundlePath lets your Pod's application code make a single +atomic read that retrieves a consistent key and certificate chain. If you +project them to separate files, your application code will need to +additionally check that the leaf certificate was issued to the key. + +| `keyPath` +| `string` +| Write the key at this path in the projected volume. + +Most applications should use credentialBundlePath. When using keyPath +and certificateChainPath, your application needs to check that the key +and leaf certificate are consistent, because it is possible to read the +files mid-rotation. + +| `keyType` +| `string` +| The type of keypair Kubelet will generate for the pod. + +Valid values are "RSA3072", "RSA4096", "ECDSAP256", "ECDSAP384", +"ECDSAP521", and "ED25519". + +| `maxExpirationSeconds` +| `integer` +| maxExpirationSeconds is the maximum lifetime permitted for the +certificate. + +Kubelet copies this value verbatim into the PodCertificateRequests it +generates for this projection. + +If omitted, kube-apiserver will set it to 86400(24 hours). 
kube-apiserver +will reject values shorter than 3600 (1 hour). The maximum allowable +value is 7862400 (91 days). + +The signer implementation is then free to issue a certificate with any +lifetime *shorter* than MaxExpirationSeconds, but no shorter than 3600 +seconds (1 hour). This constraint is enforced by kube-apiserver. +`kubernetes.io` signers will never issue certificates with a lifetime +longer than 24 hours. + +| `signerName` +| `string` +| Kubelet's generated CSRs will be addressed to this signer. + |=== === .spec.volumes[].projected.sources[].secret Description:: @@ -14640,7 +15103,6 @@ Description:: -- rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. -More info: https://examples.k8s.io/volumes/rbd/README.md -- Type:: @@ -15063,7 +15525,7 @@ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. Description:: + -- -Defines the configuration of the ThanosRuler web server. +web defines the configuration of the ThanosRuler web server. -- Type:: @@ -15078,18 +15540,18 @@ Type:: | `httpConfig` | `object` -| Defines HTTP parameters for web server. +| httpConfig defines HTTP parameters for web server. | `tlsConfig` | `object` -| Defines the TLS parameters for HTTPS. +| tlsConfig defines the TLS parameters for HTTPS. |=== === .spec.web.httpConfig Description:: + -- -Defines HTTP parameters for web server. +httpConfig defines HTTP parameters for web server. -- Type:: 
@@ -15104,11 +15566,11 @@ Type:: | `headers` | `object` -| List of headers that can be added to HTTP responses. +| headers defines a list of headers that can be added to HTTP responses. | `http2` | `boolean` -| Enable HTTP/2 support. Note that HTTP/2 is only supported with TLS. +| http2 enable HTTP/2 support. Note that HTTP/2 is only supported with TLS. When TLSConfig is not configured, HTTP/2 will be disabled. Whenever the value of the field changes, a rolling update will be triggered. @@ -15117,7 +15579,7 @@ Whenever the value of the field changes, a rolling update will be triggered. Description:: + -- -List of headers that can be added to HTTP responses. +headers defines a list of headers that can be added to HTTP responses. -- Type:: @@ -15132,12 +15594,12 @@ Type:: | `contentSecurityPolicy` | `string` -| Set the Content-Security-Policy header to HTTP responses. +| contentSecurityPolicy defines the Content-Security-Policy header to HTTP responses. Unset if blank. | `strictTransportSecurity` | `string` -| Set the Strict-Transport-Security header to HTTP responses. +| strictTransportSecurity defines the Strict-Transport-Security header to HTTP responses. Unset if blank. Please make sure that you use this with care as this header might force browsers to load Prometheus and the other applications hosted on the same 
@@ -15146,19 +15608,19 @@ https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Secur | `xContentTypeOptions` | `string` -| Set the X-Content-Type-Options header to HTTP responses. +| xContentTypeOptions defines the X-Content-Type-Options header to HTTP responses. Unset if blank. Accepted value is nosniff. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options | `xFrameOptions` | `string` -| Set the X-Frame-Options header to HTTP responses. +| xFrameOptions defines the X-Frame-Options header to HTTP responses. Unset if blank. Accepted values are deny and sameorigin. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options | `xXSSProtection` | `string` -| Set the X-XSS-Protection header to all responses. +| xXSSProtection defines the X-XSS-Protection header to all responses. Unset if blank. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection @@ -15167,7 +15629,7 @@ https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection Description:: + -- -Defines the TLS parameters for HTTPS. +tlsConfig defines the TLS parameters for HTTPS. -- Type:: @@ -15182,7 +15644,7 @@ Type:: | `cert` | `object` -| Secret or ConfigMap containing the TLS certificate for the web server. +| cert defines the Secret or ConfigMap containing the TLS certificate for the web server. Either `keySecret` or `keyFile` must be defined. @@ -15190,7 +15652,7 @@ It is mutually exclusive with `certFile`. | `certFile` | `string` -| Path to the TLS certificate file in the container for the web server. +| certFile defines the path to the TLS certificate file in the container for the web server. Either `keySecret` or `keyFile` must be defined. 
@@ -15198,7 +15660,7 @@ It is mutually exclusive with `cert`. | `cipherSuites` | `array (string)` -| List of supported cipher suites for TLS versions up to TLS 1.2. +| cipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2. If not defined, the Go default cipher suites are used. Available cipher suites are documented in the Go documentation: @@ -15206,28 +15668,28 @@ https://golang.org/pkg/crypto/tls/#pkg-constants | `clientAuthType` | `string` -| The server policy for client TLS authentication. +| clientAuthType defines the server policy for client TLS authentication. For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType | `clientCAFile` | `string` -| Path to the CA certificate file for client certificate authentication to +| clientCAFile defines the path to the CA certificate file for client certificate authentication to the server. It is mutually exclusive with `client_ca`. | `client_ca` | `object` -| Secret or ConfigMap containing the CA certificate for client certificate +| client_ca defines the Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. It is mutually exclusive with `clientCAFile`. | `curvePreferences` | `array (string)` -| Elliptic curves that will be used in an ECDHE handshake, in preference +| curvePreferences defines elliptic curves that will be used in an ECDHE handshake, in preference order. Available curves are documented in the Go documentation: @@ -15235,7 +15697,7 @@ https://golang.org/pkg/crypto/tls/#CurveID | `keyFile` | `string` -| Path to the TLS private key file in the container for the web server. +| keyFile defines the path to the TLS private key file in the container for the web server. If defined, either `cert` or `certFile` must be defined. 
@@ -15243,7 +15705,7 @@ It is mutually exclusive with `keySecret`. | `keySecret` | `object` -| Secret containing the TLS private key for the web server. +| keySecret defines the secret containing the TLS private key for the web server. Either `cert` or `certFile` must be defined. @@ -15251,15 +15713,15 @@ It is mutually exclusive with `keyFile`. | `maxVersion` | `string` -| Maximum TLS version that is acceptable. +| maxVersion defines the Maximum TLS version that is acceptable. | `minVersion` | `string` -| Minimum TLS version that is acceptable. +| minVersion defines the minimum TLS version that is acceptable. | `preferServerCipherSuites` | `boolean` -| Controls whether the server selects the client's most preferred cipher +| preferServerCipherSuites defines whether the server selects the client's most preferred cipher suite, or the server's most preferred cipher suite. If true then the server's preference, as expressed in @@ -15270,7 +15732,7 @@ the order of elements in cipherSuites, is used. Description:: + -- -Secret or ConfigMap containing the TLS certificate for the web server. +cert defines the Secret or ConfigMap containing the TLS certificate for the web server. Either `keySecret` or `keyFile` must be defined. @@ -15289,18 +15751,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.web.tlsConfig.cert.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: 
@@ -15336,7 +15798,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -15372,7 +15834,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret or ConfigMap containing the CA certificate for client certificate +client_ca defines the Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. It is mutually exclusive with `clientCAFile`. @@ -15390,18 +15852,18 @@ Type:: | `configMap` | `object` -| ConfigMap containing data to use for the targets. +| configMap defines the ConfigMap containing data to use for the targets. | `secret` | `object` -| Secret containing data to use for the targets. +| secret defines the Secret containing data to use for the targets. |=== === .spec.web.tlsConfig.client_ca.configMap Description:: + -- -ConfigMap containing data to use for the targets. +configMap defines the ConfigMap containing data to use for the targets. -- Type:: @@ -15437,7 +15899,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing data to use for the targets. +secret defines the Secret containing data to use for the targets. -- Type:: @@ -15473,7 +15935,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Secret containing the TLS private key for the web server. +keySecret defines the secret containing the TLS private key for the web server. Either `cert` or `certFile` must be defined. 
@@ -15513,7 +15975,7 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam Description:: + -- -Most recent observed status of the ThanosRuler cluster. Read-only. +status defines the most recent observed status of the ThanosRuler cluster. Read-only. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status -- @@ -15521,12 +15983,6 @@ https://github.com/kubernetes/community/blob/master/contributors/devel/sig-archi Type:: `object` -Required:: - - `availableReplicas` - - `paused` - - `replicas` - - `unavailableReplicas` - - `updatedReplicas` @@ -15536,12 +15992,12 @@ Required:: | `availableReplicas` | `integer` -| Total number of available pods (ready for at least minReadySeconds) +| availableReplicas defines the total number of available pods (ready for at least minReadySeconds) targeted by this ThanosRuler deployment. | `conditions` | `array` -| The current state of the ThanosRuler object. +| conditions defines the current state of the ThanosRuler object. | `conditions[]` | `object` 
@@ -15550,21 +16006,21 @@ Prometheus, Alertmanager or ThanosRuler resource. | `paused` | `boolean` -| Represents whether any actions on the underlying managed objects are +| paused defines whether any actions on the underlying managed objects are being performed. Only delete actions will be performed. | `replicas` | `integer` -| Total number of non-terminated pods targeted by this ThanosRuler deployment +| replicas defines the total number of non-terminated pods targeted by this ThanosRuler deployment (their labels match the selector). | `unavailableReplicas` | `integer` -| Total number of unavailable pods targeted by this ThanosRuler deployment. +| unavailableReplicas defines the total number of unavailable pods targeted by this ThanosRuler deployment. | `updatedReplicas` | `integer` -| Total number of non-terminated pods targeted by this ThanosRuler deployment +| updatedReplicas defines the total number of non-terminated pods targeted by this ThanosRuler deployment that have the desired version spec. |=== @@ -15572,7 +16028,7 @@ that have the desired version spec. Description:: + -- -The current state of the ThanosRuler object. +conditions defines the current state of the ThanosRuler object. -- Type:: @@ -15609,11 +16065,11 @@ Required:: | `message` | `string` -| Human-readable message indicating details for the condition's last transition. +| message defines human-readable message indicating details for the condition's last transition. | `observedGeneration` | `integer` -| ObservedGeneration represents the .metadata.generation that the +| observedGeneration defines the .metadata.generation that the condition was set based upon. For instance, if `.metadata.generation` is currently 12, but the `.status.conditions[].observedGeneration` is 9, the condition is out of date with respect to the current state of the 
@@ -15621,15 +16077,15 @@ instance. | `reason` | `string` -| Reason for the condition's last transition. +| reason for the condition's last transition. | `status` | `string` -| Status of the condition. +| status of the condition. | `type` | `string` -| Type of the condition being reported. +| type of the condition being reported. |=== diff --git a/rest_api/network_apis/clusteruserdefinednetwork-k8s-ovn-org-v1.adoc b/rest_api/network_apis/clusteruserdefinednetwork-k8s-ovn-org-v1.adoc index 3ceb02a3e9..f99d91703a 100644 --- a/rest_api/network_apis/clusteruserdefinednetwork-k8s-ovn-org-v1.adoc +++ b/rest_api/network_apis/clusteruserdefinednetwork-k8s-ovn-org-v1.adoc 
@@ -221,6 +221,28 @@ Required:: |=== | Property | Type | Description +| `defaultGatewayIPs` +| `array (string)` +| defaultGatewayIPs specifies the default gateway IP used in the internal OVN topology. + +Dual-stack clusters may set 2 IPs (one for each IP family), otherwise only 1 IP is allowed. +This field is only allowed for "Primary" network. +It is not recommended to set this field without explicit need and understanding of the OVN network topology. +When omitted, an IP from the subnets field is used. + +| `infrastructureSubnets` +| `array (string)` +| infrastructureSubnets specifies a list of internal CIDR ranges that OVN-Kubernetes will reserve for internal network infrastructure. +Any IP addresses within these ranges cannot be assigned to workloads. +When omitted, OVN-Kubernetes will automatically allocate IP addresses from `subnets` for its infrastructure needs. +When there are not enough available IPs in the provided infrastructureSubnets, OVN-Kubernetes will automatically allocate IP addresses from subnets for its infrastructure needs. +When `reservedSubnets` is also specified the CIDRs cannot overlap. +When `defaultGatewayIPs` is also specified, the default gateway IPs must belong to one of the infrastructure subnet CIDRs. +Each item should be in range of the specified CIDR(s) in `subnets`. +The maximum number of entries allowed is 4. +The format should match standard CIDR notation (for example, "10.128.0.0/16"). +This field must be omitted if `subnets` is unset or `ipam.mode` is `Disabled`. + | `ipam` | `object` | IPAM section contains IPAM-related configuration for the network. 
@@ -239,6 +261,16 @@ When omitted, the platform will choose a reasonable default which is subject to | MTU is the maximum transmission unit for a network. MTU is optional, if not provided, the globally configured value in OVN-Kubernetes (defaults to 1400) is used for the network. +| `reservedSubnets` +| `array (string)` +| reservedSubnets specifies a list of CIDRs reserved for static IP assignment, excluded from automatic allocation. +reservedSubnets is optional. When omitted, all IP addresses in `subnets` are available for automatic assignment. +IPs from these ranges can still be requested through static IP assignment. +Each item should be in range of the specified CIDR(s) in `subnets`. +The maximum number of entries allowed is 25. +The format should match standard CIDR notation (for example, "10.128.0.0/16"). +This field must be omitted if `subnets` is unset or `ipam.mode` is `Disabled`. + | `role` | `string` | Role describes the network role in the pod. diff --git a/rest_api/network_apis/gateway-gateway-networking-k8s-io-v1.adoc b/rest_api/network_apis/gateway-gateway-networking-k8s-io-v1.adoc index 77d20afaae..a0dc7ea9d9 100644 --- a/rest_api/network_apis/gateway-gateway-networking-k8s-io-v1.adoc +++ b/rest_api/network_apis/gateway-gateway-networking-k8s-io-v1.adoc @@ -113,7 +113,7 @@ Support: Extended logical endpoints that are bound on this Gateway's addresses. At least one Listener MUST be specified. -Distinct Listeners +## Distinct Listeners Each Listener in a set of Listeners (for example, in a single Gateway) MUST be _distinct_, in that a traffic flow MUST be able to be assigned to 
@@ -190,20 +190,20 @@ values to choose the correct Listener and its associated set of Routes. Exact matches MUST be processed before wildcard matches, and wildcard matches MUST be processed before fallback (empty Hostname value) matches. For example, `"foo.example.com"` takes precedence over -`"\*.example.com"`, and `"\*.example.com"` takes precedence over `""`. +`"*.example.com"`, and `"*.example.com"` takes precedence over `""`. Additionally, if there are multiple wildcard entries, more specific wildcard entries must be processed before less specific wildcard entries. -For example, `"\*.foo.example.com"` takes precedence over `"\*.example.com"`. +For example, `"*.foo.example.com"` takes precedence over `"*.example.com"`. The precise definition here is that the higher the number of dots in the hostname to the right of the wildcard character, the higher the precedence. The wildcard character will match any number of characters _and dots_ to -the left, however, so `"\*.example.com"` will match both +the left, however, so `"*.example.com"` will match both `"foo.bar.example.com"` _and_ `"bar.example.com"`. -Handling indistinct Listeners +## Handling indistinct Listeners If a set of Listeners contains Listeners that are not distinct, then those Listeners are _Conflicted_, and the implementation MUST set the "Conflicted" @@ -231,7 +231,7 @@ indicate in the Message which Listeners are conflicted, and which are Accepted. Additionally, the Listener status for those listeners SHOULD indicate which Listeners are conflicted and not Accepted. -General Listener behavior +## General Listener behavior Note that, for all distinct Listeners, requests SHOULD match at most one Listener. For example, if Listeners are defined for "foo.example.com" and "*.example.com", a 
@@ -247,7 +247,7 @@ Implementations that _do_ support Listener Isolation SHOULD claim support for the Extended `GatewayHTTPListenerIsolation` feature and pass the associated conformance tests. -Compatible Listeners +## Compatible Listeners A Gateway's Listeners are considered _compatible_ if: @@ -538,17 +538,17 @@ values to choose the correct Listener and its associated set of Routes. Exact matches MUST be processed before wildcard matches, and wildcard matches MUST be processed before fallback (empty Hostname value) matches. For example, `"foo.example.com"` takes precedence over -`"\*.example.com"`, and `"\*.example.com"` takes precedence over `""`. +`"*.example.com"`, and `"*.example.com"` takes precedence over `""`. Additionally, if there are multiple wildcard entries, more specific wildcard entries must be processed before less specific wildcard entries. -For example, `"\*.foo.example.com"` takes precedence over `"\*.example.com"`. +For example, `"*.foo.example.com"` takes precedence over `"*.example.com"`. The precise definition here is that the higher the number of dots in the hostname to the right of the wildcard character, the higher the precedence. The wildcard character will match any number of characters _and dots_ to -the left, however, so `"\*.example.com"` will match both +the left, however, so `"*.example.com"` will match both `"foo.bar.example.com"` _and_ `"bar.example.com"`. ## Handling indistinct Listeners @@ -719,7 +719,7 @@ there MUST be an intersection between the values for a Route to be accepted. For more information, refer to the Route specific Hostnames documentation. -Hostnames that are prefixed with a wildcard label (`\*.`) are interpreted +Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. 
@@ -1697,7 +1697,7 @@ Description:: | Parameter | Type | Description | `body` | xref:../network_apis/gateway-gateway-networking-k8s-io-v1.adoc#gateway-gateway-networking-k8s-io-v1[`Gateway`] schema -| +| |=== .HTTP responses @@ -1830,7 +1830,7 @@ Description:: | Parameter | Type | Description | `body` | xref:../network_apis/gateway-gateway-networking-k8s-io-v1.adoc#gateway-gateway-networking-k8s-io-v1[`Gateway`] schema -| +| |=== .HTTP responses @@ -1932,7 +1932,7 @@ Description:: | Parameter | Type | Description | `body` | xref:../network_apis/gateway-gateway-networking-k8s-io-v1.adoc#gateway-gateway-networking-k8s-io-v1[`Gateway`] schema -| +| |=== .HTTP responses diff --git a/rest_api/network_apis/grpcroute-gateway-networking-k8s-io-v1.adoc b/rest_api/network_apis/grpcroute-gateway-networking-k8s-io-v1.adoc index b85f7a7db5..07a28e47d7 100644 --- a/rest_api/network_apis/grpcroute-gateway-networking-k8s-io-v1.adoc +++ b/rest_api/network_apis/grpcroute-gateway-networking-k8s-io-v1.adoc @@ -96,7 +96,7 @@ Host header to select a GRPCRoute to process the request. This matches the RFC 1123 definition of a hostname with 2 notable exceptions: 1. IPs are not allowed. -2. A hostname may be prefixed with a wildcard label (`\*.`). The wildcard +2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label MUST appear by itself as the first label. If a hostname is specified by both the Listener and GRPCRoute, there 
@@ -106,13 +106,13 @@ attached to the Listener. For example: * A Listener with `test.example.com` as the hostname matches GRPCRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. -* A Listener with `\*.example.com` as the hostname matches GRPCRoutes +* A Listener with `*.example.com` as the hostname matches GRPCRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, - `test.example.com` and `\*.example.com` would both match. On the other + `test.example.com` and `*.example.com` would both match. On the other hand, `example.com` and `test.example.net` would not match. -Hostnames that are prefixed with a wildcard label (`\*.`) are interpreted +Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. @@ -1277,11 +1277,11 @@ Required:: | `denominator` | `integer` -| +| | `numerator` | `integer` -| +| |=== === .spec.rules[].backendRefs[].filters[].responseHeaderModifier @@ -2061,11 +2061,11 @@ Required:: | `denominator` | `integer` -| +| | `numerator` | `integer` -| +| |=== === .spec.rules[].filters[].responseHeaderModifier @@ -2938,7 +2938,7 @@ Description:: | Parameter | Type | Description | `body` | xref:../network_apis/grpcroute-gateway-networking-k8s-io-v1.adoc#grpcroute-gateway-networking-k8s-io-v1[`GRPCRoute`] schema -| +| |=== .HTTP responses @@ -3071,7 +3071,7 @@ Description:: | Parameter | Type | Description | `body` | xref:../network_apis/grpcroute-gateway-networking-k8s-io-v1.adoc#grpcroute-gateway-networking-k8s-io-v1[`GRPCRoute`] schema -| +| |=== .HTTP responses 
@@ -3173,7 +3173,7 @@ Description:: | Parameter | Type | Description | `body` | xref:../network_apis/grpcroute-gateway-networking-k8s-io-v1.adoc#grpcroute-gateway-networking-k8s-io-v1[`GRPCRoute`] schema -| +| |=== .HTTP responses diff --git a/rest_api/network_apis/httproute-gateway-networking-k8s-io-v1.adoc b/rest_api/network_apis/httproute-gateway-networking-k8s-io-v1.adoc index 060880d52c..4c1c08b807 100644 --- a/rest_api/network_apis/httproute-gateway-networking-k8s-io-v1.adoc +++ b/rest_api/network_apis/httproute-gateway-networking-k8s-io-v1.adoc @@ -80,7 +80,7 @@ Valid values for Hostnames are determined by RFC 1123 definition of a hostname with 2 notable exceptions: 1. IPs are not allowed. -2. A hostname may be prefixed with a wildcard label (`\*.`). The wildcard +2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. If a hostname is specified by both the Listener and HTTPRoute, there 
@@ -90,14 +90,14 @@ attached to the Listener. For example: * A Listener with `test.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. -* A Listener with `\*.example.com` as the hostname matches HTTPRoutes +* A Listener with `*.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, - `\*.example.com`, `test.example.com`, and `foo.test.example.com` would + `*.example.com`, `test.example.com`, and `foo.test.example.com` would all match. On the other hand, `example.com` and `test.example.net` would not match. -Hostnames that are prefixed with a wildcard label (`\*.`) are interpreted +Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. @@ -1319,11 +1319,11 @@ Required:: | `denominator` | `integer` -| +| | `numerator` | `integer` -| +| |=== === .spec.rules[].backendRefs[].filters[].requestRedirect @@ -2379,11 +2379,11 @@ Required:: | `denominator` | `integer` -| +| | `numerator` | `integer` -| +| |=== === .spec.rules[].filters[].requestRedirect @@ -3675,7 +3675,7 @@ Description:: | Parameter | Type | Description | `body` | xref:../network_apis/httproute-gateway-networking-k8s-io-v1.adoc#httproute-gateway-networking-k8s-io-v1[`HTTPRoute`] schema -| +| |=== .HTTP responses @@ -3808,7 +3808,7 @@ Description:: | Parameter | Type | Description | `body` | xref:../network_apis/httproute-gateway-networking-k8s-io-v1.adoc#httproute-gateway-networking-k8s-io-v1[`HTTPRoute`] schema -| +| |=== .HTTP responses 
@@ -3910,7 +3910,7 @@ Description:: | Parameter | Type | Description | `body` | xref:../network_apis/httproute-gateway-networking-k8s-io-v1.adoc#httproute-gateway-networking-k8s-io-v1[`HTTPRoute`] schema -| +| |=== .HTTP responses diff --git a/rest_api/network_apis/ipamclaim-k8s-cni-cncf-io-v1alpha1.adoc b/rest_api/network_apis/ipamclaim-k8s-cni-cncf-io-v1alpha1.adoc index bc849161dd..0851c5844e 100644 --- a/rest_api/network_apis/ipamclaim-k8s-cni-cncf-io-v1alpha1.adoc +++ b/rest_api/network_apis/ipamclaim-k8s-cni-cncf-io-v1alpha1.adoc 
@@ -94,10 +94,113 @@ Required:: |=== | Property | Type | Description +| `conditions` +| `array` +| Conditions contains details for one aspect of the current state of this API Resource + +| `conditions[]` +| `object` +| Condition contains details for one aspect of the current state of this API Resource. + | `ips` | `array (string)` | The list of IP addresses (v4, v6) that were allocated for the pod interface +| `ownerPod` +| `object` +| The name of the pod holding the IPAMClaim + +|=== +=== .status.conditions +Description:: ++ +-- +Conditions contains details for one aspect of the current state of this API Resource +-- + +Type:: + `array` + + + + +=== .status.conditions[] +Description:: ++ +-- +Condition contains details for one aspect of the current state of this API Resource. +-- + +Type:: + `object` + +Required:: + - `lastTransitionTime` + - `message` + - `reason` + - `status` + - `type` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `lastTransitionTime` +| `string` +| lastTransitionTime is the last time the condition transitioned from one status to another. +This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + +| `message` +| `string` +| message is a human readable message indicating details about the transition. +This may be an empty string. + +| `observedGeneration` +| `integer` +| observedGeneration represents the .metadata.generation that the condition was set based upon. +For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date +with respect to the current state of the instance. + +| `reason` +| `string` +| reason contains a programmatic identifier indicating the reason for the condition's last transition. +Producers of specific condition types may define expected values and meanings for this field, +and whether the values are considered a guaranteed API. 
+The value should be a CamelCase string. +This field may not be empty. + +| `status` +| `string` +| status of the condition, one of True, False, Unknown. + +| `type` +| `string` +| type of condition in CamelCase or in foo.example.com/CamelCase. + +|=== +=== .status.ownerPod +Description:: ++ +-- +The name of the pod holding the IPAMClaim +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| + |=== == API endpoints diff --git a/rest_api/network_apis/networkpolicy-networking-k8s-io-v1.adoc b/rest_api/network_apis/networkpolicy-networking-k8s-io-v1.adoc index 13ac710a17..6def65a3bc 100644 --- a/rest_api/network_apis/networkpolicy-networking-k8s-io-v1.adoc +++ b/rest_api/network_apis/networkpolicy-networking-k8s-io-v1.adoc @@ -52,8 +52,6 @@ NetworkPolicySpec provides the specification of a NetworkPolicy Type:: `object` -Required:: - - `podSelector` @@ -79,7 +77,7 @@ Required:: | `podSelector` | xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-LabelSelector[`LabelSelector`] -| podSelector selects the pods to which this NetworkPolicy object applies. The array of ingress rules is applied to any pods selected by this field. Multiple network policies can select the same set of pods. In this case, the ingress rules for each are combined additively. This field is NOT optional and follows standard label selector semantics. An empty podSelector matches all pods in this namespace. +| podSelector selects the pods to which this NetworkPolicy object applies. The array of rules is applied to any pods selected by this field. An empty selector matches all pods in the policy's namespace. Multiple network policies can select the same set of pods. In this case, the ingress rules for each are combined additively. This field is optional. If it is not specified, it defaults to an empty selector. | `policyTypes` | `array (string)` 
diff --git a/rest_api/network_apis/userdefinednetwork-k8s-ovn-org-v1.adoc b/rest_api/network_apis/userdefinednetwork-k8s-ovn-org-v1.adoc index ffffe17e2d..ea620bf4ea 100644 --- a/rest_api/network_apis/userdefinednetwork-k8s-ovn-org-v1.adoc +++ b/rest_api/network_apis/userdefinednetwork-k8s-ovn-org-v1.adoc @@ -103,6 +103,28 @@ Required:: |=== | Property | Type | Description +| `defaultGatewayIPs` +| `array (string)` +| defaultGatewayIPs specifies the default gateway IP used in the internal OVN topology. + +Dual-stack clusters may set 2 IPs (one for each IP family), otherwise only 1 IP is allowed. +This field is only allowed for "Primary" network. +It is not recommended to set this field without explicit need and understanding of the OVN network topology. +When omitted, an IP from the subnets field is used. + +| `infrastructureSubnets` +| `array (string)` +| infrastructureSubnets specifies a list of internal CIDR ranges that OVN-Kubernetes will reserve for internal network infrastructure. +Any IP addresses within these ranges cannot be assigned to workloads. +When omitted, OVN-Kubernetes will automatically allocate IP addresses from `subnets` for its infrastructure needs. +When there are not enough available IPs in the provided infrastructureSubnets, OVN-Kubernetes will automatically allocate IP addresses from subnets for its infrastructure needs. +When `reservedSubnets` is also specified the CIDRs cannot overlap. +When `defaultGatewayIPs` is also specified, the default gateway IPs must belong to one of the infrastructure subnet CIDRs. +Each item should be in range of the specified CIDR(s) in `subnets`. +The maximum number of entries allowed is 4. +The format should match standard CIDR notation (for example, "10.128.0.0/16"). +This field must be omitted if `subnets` is unset or `ipam.mode` is `Disabled`. + | `ipam` | `object` | IPAM section contains IPAM-related configuration for the network. 
@@ -121,6 +143,16 @@ When omitted, the platform will choose a reasonable default which is subject to | MTU is the maximum transmission unit for a network. MTU is optional, if not provided, the globally configured value in OVN-Kubernetes (defaults to 1400) is used for the network. +| `reservedSubnets` +| `array (string)` +| reservedSubnets specifies a list of CIDRs reserved for static IP assignment, excluded from automatic allocation. +reservedSubnets is optional. When omitted, all IP addresses in `subnets` are available for automatic assignment. +IPs from these ranges can still be requested through static IP assignment. +Each item should be in range of the specified CIDR(s) in `subnets`. +The maximum number of entries allowed is 25. +The format should match standard CIDR notation (for example, "10.128.0.0/16"). +This field must be omitted if `subnets` is unset or `ipam.mode` is `Disabled`. + | `role` | `string` | Role describes the network role in the pod. diff --git a/rest_api/node_apis/node-v1.adoc b/rest_api/node_apis/node-v1.adoc index f2da1315c3..db39c7216b 100644 --- a/rest_api/node_apis/node-v1.adoc +++ b/rest_api/node_apis/node-v1.adoc @@ -208,7 +208,7 @@ Possible enum values: | `timeAdded` | xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Time[`Time`] -| TimeAdded represents the time at which the taint was added. It is only written for NoExecute taints. +| TimeAdded represents the time at which the taint was added. | `value` | `string` diff --git a/rest_api/objects/index.adoc b/rest_api/objects/index.adoc index d122d7370e..4ca103c8cc 100644 --- a/rest_api/objects/index.adoc +++ b/rest_api/objects/index.adoc @@ -23,6 +23,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -63,6 +64,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -103,6 +105,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] 
@@ -143,6 +146,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -183,6 +187,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -223,6 +228,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -263,6 +269,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -303,6 +310,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -343,6 +351,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -383,6 +392,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -423,6 +433,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -463,6 +474,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -503,6 +515,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -543,6 +556,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -583,6 +597,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -623,6 +638,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -665,6 +681,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -707,6 +724,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -749,6 +767,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -791,6 +810,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -833,6 +853,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -875,6 +896,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -917,6 +939,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -959,6 +982,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] 
@@ -1001,6 +1025,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -1043,6 +1068,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -1085,6 +1111,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -1127,6 +1154,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -1169,6 +1197,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -1211,6 +1240,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -1253,6 +1283,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -1295,6 +1326,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -1307,7 +1339,7 @@ Required:: | `items` | xref:../oauth_apis/useroauthaccesstoken-oauth-openshift-io-v1.adoc#useroauthaccesstoken-oauth-openshift-io-v1[`array (UserOAuthAccessToken)`] -| +| | `kind` | `string` @@ -1337,6 +1369,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -1379,6 +1412,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -1421,6 +1455,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -1463,6 +1498,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -1505,6 +1541,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -1547,6 +1584,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -1589,6 +1627,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -1631,6 +1670,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -1673,6 +1713,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -1715,6 +1756,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] 
@@ -1768,6 +1810,7 @@ Type:: `object` + === Schema [cols="1,1,1",options="header"] @@ -1775,12 +1818,12 @@ Type:: | Property | Type | Description | `owned` -| `array (APIServiceDescription)` -| +| xref:../objects/index.adoc#com-github-operator-framework-api-pkg-operators-v1alpha1-APIServiceDescription[`array (APIServiceDescription)`] +| | `required` -| `array (APIServiceDescription)` -| +| xref:../objects/index.adoc#com-github-operator-framework-api-pkg-operators-v1alpha1-APIServiceDescription[`array (APIServiceDescription)`] +| |=== @@ -1800,6 +1843,7 @@ Type:: `object` + === Schema [cols="1,1,1",options="header"] @@ -1807,12 +1851,12 @@ Type:: | Property | Type | Description | `owned` -| `array (CRDDescription)` -| +| xref:../objects/index.adoc#com-github-operator-framework-api-pkg-operators-v1alpha1-CRDDescription[`array (CRDDescription)`] +| | `required` -| `array (CRDDescription)` -| +| xref:../objects/index.adoc#com-github-operator-framework-api-pkg-operators-v1alpha1-CRDDescription[`array (CRDDescription)`] +| |=== @@ -1833,6 +1877,7 @@ Required:: - `type` - `supported` + === Schema [cols="1,1,1",options="header"] @@ -1841,11 +1886,11 @@ Required:: | `supported` | `boolean` -| +| | `type` | `string` -| +| |=== @@ -1865,6 +1910,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -1877,7 +1923,7 @@ Required:: | `items` | xref:../operatorhub_apis/packagemanifest-packages-operators-coreos-com-v1.adoc#packagemanifest-packages-operators-coreos-com-v1[`array (PackageManifest)`] -| +| | `kind` | `string` @@ -1885,7 +1931,7 @@ Required:: | `metadata` | xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-ListMeta[`ListMeta`] -| +| |=== @@ -1905,6 +1951,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -1945,6 +1992,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -1985,6 +2033,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] 
@@ -2025,6 +2074,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -2065,6 +2115,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -2105,6 +2156,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -2145,6 +2197,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -2185,6 +2238,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -2225,6 +2279,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -2265,6 +2320,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -2305,6 +2361,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -2345,6 +2402,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -2385,6 +2443,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -2425,6 +2484,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -2465,6 +2525,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -2505,6 +2566,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -2545,6 +2607,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -2585,6 +2648,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -2625,6 +2689,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -2645,7 +2710,7 @@ Required:: | `metadata` | xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-ListMeta[`ListMeta`] -| +| |=== @@ -2665,6 +2730,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -2705,6 +2771,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -2745,6 +2812,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] 
@@ -2785,6 +2853,7 @@ Type:: `object` + === Schema [cols="1,1,1",options="header"] @@ -2796,7 +2865,7 @@ Type:: | defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. | `items` -| `array (KeyToPath)` +| xref:../objects/index.adoc#io-k8s-api-core-v1-KeyToPath[`array (KeyToPath)`] | items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. | `name` @@ -2825,6 +2894,7 @@ Type:: Required:: - `driver` + === Schema [cols="1,1,1",options="header"] @@ -2840,7 +2910,7 @@ Required:: | fsType to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. | `nodePublishSecretRef` -| `LocalObjectReference` +| xref:../objects/index.adoc#io-k8s-api-core-v1-LocalObjectReference[`LocalObjectReference`] | nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. | `readOnly` 
@@ -2869,6 +2939,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -2893,8 +2964,8 @@ Required:: |=== -[id="io-k8s-api-core-v1-EnvVar"] -== io.k8s.api.core.v1.EnvVar schema +[id="io-k8s-api-core-v1-EnvVar_v2"] +== io.k8s.api.core.v1.EnvVar_v2 schema Description:: @@ -2909,6 +2980,7 @@ Type:: Required:: - `name` + === Schema [cols="1,1,1",options="header"] 
@@ -2924,7 +2996,44 @@ Required:: | Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "". | `valueFrom` -| `EnvVarSource` +| xref:../objects/index.adoc#io-k8s-api-core-v1-EnvVarSource_v2[`EnvVarSource_v2`] +| Source for the environment variable's value. Cannot be used if value is not empty. + +|=== + +[id="io-k8s-api-core-v1-EnvVar_v3"] +== io.k8s.api.core.v1.EnvVar_v3 schema + + +Description:: ++ +-- +EnvVar represents an environment variable present in a Container. +-- + +Type:: + `object` + +Required:: + - `name` + + +=== Schema + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name of the environment variable. Must be a C_IDENTIFIER. + +| `value` +| `string` +| Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "". + +| `valueFrom` +| xref:../objects/index.adoc#io-k8s-api-core-v1-EnvVarSource_v3[`EnvVarSource_v3`] | Source for the environment variable's value. Cannot be used if value is not empty. |=== @@ -2945,6 +3054,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] 
@@ -2983,6 +3093,7 @@ Type:: `object` + === Schema [cols="1,1,1",options="header"] @@ -3015,6 +3126,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -3053,6 +3165,7 @@ Type:: `object` + === Schema [cols="1,1,1",options="header"] @@ -3082,6 +3195,7 @@ Required:: - `type` - `status` + === Schema [cols="1,1,1",options="header"] @@ -3090,15 +3204,15 @@ Required:: | `lastTransitionTime` | xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Time[`Time`] -| +| | `message` | `string` -| +| | `reason` | `string` -| +| | `status` | `string` @@ -3126,6 +3240,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -3166,6 +3281,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -3204,6 +3320,7 @@ Type:: `object` + === Schema [cols="1,1,1",options="header"] @@ -3254,6 +3371,7 @@ Type:: `object` + === Schema [cols="1,1,1",options="header"] 
@@ -3323,7 +3441,7 @@ Type:: | `volumeAttributesClassName` | `string` -| volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). +| volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string or nil value indicates that no VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, this field can be reset to its previous value (including nil) to cancel the modification. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ | `volumeMode` | `string` 
@@ -3512,7 +3630,7 @@ This is an alpha field and requires enabling RecoverVolumeExpansionFailure featu | `currentVolumeAttributesClassName` | `string` -| currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim This is a beta field and requires enabling VolumeAttributesClass feature (off by default). +| currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim | `modifyVolumeStatus` | `object` @@ -3641,6 +3759,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -3681,6 +3800,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -3719,6 +3839,7 @@ Type:: `object` + === Schema [cols="1,1,1",options="header"] 
@@ -3730,15 +3851,15 @@ Type:: | accessModes contains all ways the volume can be mounted. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes | `awsElasticBlockStore` -| `AWSElasticBlockStoreVolumeSource` +| xref:../objects/index.adoc#io-k8s-api-core-v1-AWSElasticBlockStoreVolumeSource[`AWSElasticBlockStoreVolumeSource`] | awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore | `azureDisk` -| `AzureDiskVolumeSource` +| xref:../objects/index.adoc#io-k8s-api-core-v1-AzureDiskVolumeSource[`AzureDiskVolumeSource`] | azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type are redirected to the disk.csi.azure.com CSI driver. | `azureFile` -| `AzureFilePersistentVolumeSource` +| xref:../objects/index.adoc#io-k8s-api-core-v1-AzureFilePersistentVolumeSource[`AzureFilePersistentVolumeSource`] | azureFile represents an Azure File Service mount on the host and bind mount to the pod. Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type are redirected to the file.csi.azure.com CSI driver. | `capacity` 
@@ -3746,11 +3867,11 @@ Type:: | capacity is the description of the persistent volume's resources and capacity. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacity | `cephfs` -| `CephFSPersistentVolumeSource` +| xref:../objects/index.adoc#io-k8s-api-core-v1-CephFSPersistentVolumeSource[`CephFSPersistentVolumeSource`] | cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported. | `cinder` -| `CinderPersistentVolumeSource` +| xref:../objects/index.adoc#io-k8s-api-core-v1-CinderPersistentVolumeSource[`CinderPersistentVolumeSource`] | cinder represents a cinder volume attached and mounted on kubelets host machine. Deprecated: Cinder is deprecated. All operations for the in-tree cinder type are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md | `claimRef` 
@@ -3758,39 +3879,39 @@ Type:: | claimRef is part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim. Expected to be non-nil when bound. claim.VolumeName is the authoritative bind between PV and PVC. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding | `csi` -| `CSIPersistentVolumeSource` +| xref:../objects/index.adoc#io-k8s-api-core-v1-CSIPersistentVolumeSource[`CSIPersistentVolumeSource`] | csi represents storage that is handled by an external CSI driver. | `fc` -| `FCVolumeSource` +| xref:../objects/index.adoc#io-k8s-api-core-v1-FCVolumeSource[`FCVolumeSource`] | fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. | `flexVolume` -| `FlexPersistentVolumeSource` +| xref:../objects/index.adoc#io-k8s-api-core-v1-FlexPersistentVolumeSource[`FlexPersistentVolumeSource`] | flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead. | `flocker` -| `FlockerVolumeSource` +| xref:../objects/index.adoc#io-k8s-api-core-v1-FlockerVolumeSource[`FlockerVolumeSource`] | flocker represents a Flocker volume attached to a kubelet's host machine and exposed to the pod for its usage. This depends on the Flocker control service being running. Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported. | `gcePersistentDisk` -| `GCEPersistentDiskVolumeSource` +| xref:../objects/index.adoc#io-k8s-api-core-v1-GCEPersistentDiskVolumeSource[`GCEPersistentDiskVolumeSource`] | gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin. Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk | `glusterfs` -| `GlusterfsPersistentVolumeSource` +| xref:../objects/index.adoc#io-k8s-api-core-v1-GlusterfsPersistentVolumeSource[`GlusterfsPersistentVolumeSource`] | glusterfs represents a Glusterfs volume that is attached to a host and exposed to the pod. Provisioned by an admin. Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. More info: https://examples.k8s.io/volumes/glusterfs/README.md | `hostPath` -| `HostPathVolumeSource` +| xref:../objects/index.adoc#io-k8s-api-core-v1-HostPathVolumeSource[`HostPathVolumeSource`] | hostPath represents a directory on the host. Provisioned by a developer or tester. This is useful for single-node development and testing only! On-host storage is not supported in any way and WILL NOT WORK in a multi-node cluster. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath | `iscsi` -| `ISCSIPersistentVolumeSource` +| xref:../objects/index.adoc#io-k8s-api-core-v1-ISCSIPersistentVolumeSource[`ISCSIPersistentVolumeSource`] | iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin. | `local` -| `LocalVolumeSource` +| xref:../objects/index.adoc#io-k8s-api-core-v1-LocalVolumeSource[`LocalVolumeSource`] | local represents directly-attached storage with node affinity | `mountOptions` 
@@ -3798,11 +3919,11 @@ Type:: | mountOptions is the list of mount options, e.g. ["ro", "soft"]. Not validated - mount will simply fail if one is invalid. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options | `nfs` -| `NFSVolumeSource` +| xref:../objects/index.adoc#io-k8s-api-core-v1-NFSVolumeSource[`NFSVolumeSource`] | nfs represents an NFS mount on the host. Provisioned by an admin. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs | `nodeAffinity` -| `VolumeNodeAffinity` +| xref:../objects/index.adoc#io-k8s-api-core-v1-VolumeNodeAffinity[`VolumeNodeAffinity`] | nodeAffinity defines constraints that limit what nodes this volume can be accessed from. This field influences the scheduling of pods that use this volume. | `persistentVolumeReclaimPolicy` 
@@ -3815,23 +3936,23 @@ Possible enum values: - `"Retain"` means the volume will be left in its current phase (Released) for manual reclamation by the administrator. The default policy is Retain. | `photonPersistentDisk` -| `PhotonPersistentDiskVolumeSource` +| xref:../objects/index.adoc#io-k8s-api-core-v1-PhotonPersistentDiskVolumeSource[`PhotonPersistentDiskVolumeSource`] | photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported. | `portworxVolume` -| `PortworxVolumeSource` +| xref:../objects/index.adoc#io-k8s-api-core-v1-PortworxVolumeSource[`PortworxVolumeSource`] | portworxVolume represents a portworx volume attached and mounted on kubelets host machine. Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate is on. | `quobyte` -| `QuobyteVolumeSource` +| xref:../objects/index.adoc#io-k8s-api-core-v1-QuobyteVolumeSource[`QuobyteVolumeSource`] | quobyte represents a Quobyte mount on the host that shares a pod's lifetime. Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported. | `rbd` -| `RBDPersistentVolumeSource` +| xref:../objects/index.adoc#io-k8s-api-core-v1-RBDPersistentVolumeSource[`RBDPersistentVolumeSource`] | rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. More info: https://examples.k8s.io/volumes/rbd/README.md | `scaleIO` -| `ScaleIOPersistentVolumeSource` +| xref:../objects/index.adoc#io-k8s-api-core-v1-ScaleIOPersistentVolumeSource[`ScaleIOPersistentVolumeSource`] | scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. 
Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported. | `storageClassName` @@ -3839,12 +3960,12 @@ Possible enum values: | storageClassName is the name of StorageClass to which this persistent volume belongs. Empty value means that this volume does not belong to any StorageClass. | `storageos` -| `StorageOSPersistentVolumeSource` +| xref:../objects/index.adoc#io-k8s-api-core-v1-StorageOSPersistentVolumeSource[`StorageOSPersistentVolumeSource`] | storageOS represents a StorageOS volume that is attached to the kubelet's host machine and mounted into the pod. Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported. More info: https://examples.k8s.io/volumes/storageos/README.md | `volumeAttributesClassName` | `string` -| Name of VolumeAttributesClass to which this persistent volume belongs. Empty value is not allowed. When this field is not set, it indicates that this volume does not belong to any VolumeAttributesClass. This field is mutable and can be changed by the CSI driver after a volume has been updated successfully to a new class. For an unbound PersistentVolume, the volumeAttributesClassName will be matched with unbound PersistentVolumeClaims during the binding process. This is a beta field and requires enabling VolumeAttributesClass feature (off by default). +| Name of VolumeAttributesClass to which this persistent volume belongs. Empty value is not allowed. When this field is not set, it indicates that this volume does not belong to any VolumeAttributesClass. This field is mutable and can be changed by the CSI driver after a volume has been updated successfully to a new class. For an unbound PersistentVolume, the volumeAttributesClassName will be matched with unbound PersistentVolumeClaims during the binding process. | `volumeMode` | `string` 
@@ -3855,7 +3976,7 @@ Possible enum values: - `"Filesystem"` means the volume will be or is formatted with a filesystem. | `vsphereVolume` -| `VsphereVirtualDiskVolumeSource` +| xref:../objects/index.adoc#io-k8s-api-core-v1-VsphereVirtualDiskVolumeSource[`VsphereVirtualDiskVolumeSource`] | vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type are redirected to the csi.vsphere.vmware.com CSI driver. |=== @@ -3876,6 +3997,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -3916,6 +4038,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -3954,6 +4077,7 @@ Type:: `object` + === Schema [cols="1,1,1",options="header"] @@ -3965,7 +4089,7 @@ Type:: | Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | `spec` -| `PodSpec` +| xref:../objects/index.adoc#io-k8s-api-core-v1-PodSpec[`PodSpec`] | Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status |=== @@ -3986,6 +4110,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -4026,6 +4151,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -4064,6 +4190,7 @@ Type:: `object` + === Schema [cols="1,1,1",options="header"] 
@@ -4075,7 +4202,7 @@ Type:: | hard is the set of desired hard limits for each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/ | `scopeSelector` -| `ScopeSelector_v2` +| xref:../objects/index.adoc#io-k8s-api-core-v1-ScopeSelector_v2[`ScopeSelector_v2`] | scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota but expressed using ScopeSelectorOperator in combination with possible values. For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched. | `scopes` @@ -4098,6 +4225,7 @@ Type:: `object` + === Schema [cols="1,1,1",options="header"] @@ -4114,8 +4242,8 @@ Type:: |=== -[id="io-k8s-api-core-v1-ResourceRequirements"] -== io.k8s.api.core.v1.ResourceRequirements schema +[id="io-k8s-api-core-v1-ResourceRequirements_v2"] +== io.k8s.api.core.v1.ResourceRequirements_v2 schema Description:: @@ -4128,6 +4256,7 @@ Type:: `object` + === Schema [cols="1,1,1",options="header"] 
@@ -4135,7 +4264,46 @@ Type:: | Property | Type | Description | `claims` -| `array (ResourceClaim)` +| xref:../objects/index.adoc#io-k8s-api-core-v1-ResourceClaim_v2[`array (ResourceClaim_v2)`] +| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + +This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + +This field is immutable. It can only be set for containers. + +| `limits` +| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-api-resource-Quantity[`object (Quantity)`] +| Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + +| `requests` +| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-api-resource-Quantity[`object (Quantity)`] +| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + +|=== + +[id="io-k8s-api-core-v1-ResourceRequirements_v3"] +== io.k8s.api.core.v1.ResourceRequirements_v3 schema + + +Description:: ++ +-- +ResourceRequirements describes the compute resource requirements. +-- + +Type:: + `object` + + + +=== Schema + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `claims` +| xref:../objects/index.adoc#io-k8s-api-core-v1-ResourceClaim_v2[`array (ResourceClaim_v2)`] | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. @@ -4166,6 +4334,7 @@ Type:: `object` + === Schema [cols="1,1,1",options="header"] @@ -4218,6 +4387,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] 
@@ -4258,6 +4428,7 @@ Type:: `object` + === Schema [cols="1,1,1",options="header"] @@ -4269,7 +4440,7 @@ Type:: | defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. | `items` -| `array (KeyToPath)` +| xref:../objects/index.adoc#io-k8s-api-core-v1-KeyToPath[`array (KeyToPath)`] | items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. | `optional` @@ -4298,6 +4469,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -4338,6 +4510,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -4376,6 +4549,7 @@ Type:: `object` + === Schema [cols="1,1,1",options="header"] @@ -4427,6 +4601,7 @@ Type:: `object` + === Schema [cols="1,1,1",options="header"] @@ -4434,7 +4609,7 @@ Type:: | Property | Type | Description | `matchLabelExpressions` -| `array (TopologySelectorLabelRequirement)` +| xref:../objects/index.adoc#io-k8s-api-core-v1-TopologySelectorLabelRequirement[`array (TopologySelectorLabelRequirement)`] | A list of topology selector requirements by labels. |=== @@ -4456,6 +4631,7 @@ Required:: - `kind` - `name` + === Schema [cols="1,1,1",options="header"] 
@@ -4492,6 +4668,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -4532,6 +4709,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -4572,6 +4750,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -4612,6 +4791,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -4652,6 +4832,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -4692,6 +4873,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -4732,6 +4914,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -4772,6 +4955,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -4812,6 +4996,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -4852,6 +5037,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -4892,6 +5078,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -4930,6 +5117,7 @@ Type:: `object` + === Schema [cols="1,1,1",options="header"] @@ -4937,7 +5125,7 @@ Type:: | Property | Type | Description | `clusterRoleSelectors` -| `array (LabelSelector_v3)` +| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-LabelSelector_v3[`array (LabelSelector_v3)`] | ClusterRoleSelectors holds a list of selectors which will be used to find ClusterRoles and create the rules. If any of the selectors match, then the ClusterRole's permissions will be added |=== @@ -4958,6 +5146,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -4998,6 +5187,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -5038,6 +5228,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -5078,6 +5269,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] 
@@ -5118,6 +5310,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -5158,6 +5351,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -5198,6 +5392,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -5238,6 +5433,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -5278,6 +5474,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -5318,6 +5515,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] 
@@ -5342,6 +5540,47 @@ Required:: |=== +[id="io-k8s-api-storage-v1-VolumeAttributesClassList"] +== io.k8s.api.storage.v1.VolumeAttributesClassList schema + + +Description:: ++ +-- +VolumeAttributesClassList is a collection of VolumeAttributesClass objects. +-- + +Type:: + `object` + +Required:: + - `items` + + +=== Schema + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + +| `items` +| xref:../storage_apis/volumeattributesclass-storage-k8s-io-v1.adoc#volumeattributesclass-storage-k8s-io-v1[`array (VolumeAttributesClass)`] +| items is the list of VolumeAttributesClass objects. + +| `kind` +| `string` +| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `metadata` +| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-ListMeta[`ListMeta`] +| Standard list metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + +|=== + [id="io-k8s-apiextensions-apiserver-pkg-apis-apiextensions-v1-CustomResourceDefinitionList"] == io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinitionList schema @@ -5358,6 +5597,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -5396,6 +5636,7 @@ Type:: `object` + === Schema [cols="1,1,1",options="header"] 
@@ -5404,63 +5645,63 @@ Type:: | `$ref` | `string` -| +| | `$schema` | `string` -| +| | `additionalItems` -| `` -| +| xref:../objects/index.adoc#io-k8s-apiextensions-apiserver-pkg-apis-apiextensions-v1-JSONSchemaPropsOrBool[``] +| | `additionalProperties` -| `` -| +| xref:../objects/index.adoc#io-k8s-apiextensions-apiserver-pkg-apis-apiextensions-v1-JSONSchemaPropsOrBool[``] +| | `allOf` | xref:../objects/index.adoc#io-k8s-apiextensions-apiserver-pkg-apis-apiextensions-v1-JSONSchemaProps[`array (undefined)`] -| +| | `anyOf` | xref:../objects/index.adoc#io-k8s-apiextensions-apiserver-pkg-apis-apiextensions-v1-JSONSchemaProps[`array (undefined)`] -| +| | `default` -| `JSON` +| xref:../objects/index.adoc#io-k8s-apiextensions-apiserver-pkg-apis-apiextensions-v1-JSON[`JSON`] | default is a default value for undefined object fields. Defaulting is a beta feature under the CustomResourceDefaulting feature gate. Defaulting requires spec.preserveUnknownFields to be false. | `definitions` | xref:../objects/index.adoc#io-k8s-apiextensions-apiserver-pkg-apis-apiextensions-v1-JSONSchemaProps[`object (undefined)`] -| +| | `dependencies` -| `object (undefined)` -| +| xref:../objects/index.adoc#io-k8s-apiextensions-apiserver-pkg-apis-apiextensions-v1-JSONSchemaPropsOrStringArray[`object (undefined)`] +| | `description` | `string` -| +| | `enum` -| `array (JSON)` -| +| xref:../objects/index.adoc#io-k8s-apiextensions-apiserver-pkg-apis-apiextensions-v1-JSON[`array (JSON)`] +| | `example` -| `JSON` -| +| xref:../objects/index.adoc#io-k8s-apiextensions-apiserver-pkg-apis-apiextensions-v1-JSON[`JSON`] +| | `exclusiveMaximum` | `boolean` -| +| | `exclusiveMinimum` | `boolean` -| +| | `externalDocs` -| `ExternalDocumentation` -| +| xref:../objects/index.adoc#io-k8s-apiextensions-apiserver-pkg-apis-apiextensions-v1-ExternalDocumentation[`ExternalDocumentation`] +| | `format` | `string` 
@@ -5470,87 +5711,87 @@ Type:: | `id` | `string` -| +| | `items` -| `` -| +| xref:../objects/index.adoc#io-k8s-apiextensions-apiserver-pkg-apis-apiextensions-v1-JSONSchemaPropsOrArray[``] +| | `maxItems` | `integer` -| +| | `maxLength` | `integer` -| +| | `maxProperties` | `integer` -| +| | `maximum` | `number` -| +| | `minItems` | `integer` -| +| | `minLength` | `integer` -| +| | `minProperties` | `integer` -| +| | `minimum` | `number` -| +| | `multipleOf` | `number` -| +| | `not` | xref:../objects/index.adoc#io-k8s-apiextensions-apiserver-pkg-apis-apiextensions-v1-JSONSchemaProps[``] -| +| | `nullable` | `boolean` -| +| | `oneOf` | xref:../objects/index.adoc#io-k8s-apiextensions-apiserver-pkg-apis-apiextensions-v1-JSONSchemaProps[`array (undefined)`] -| +| | `pattern` | `string` -| +| | `patternProperties` | xref:../objects/index.adoc#io-k8s-apiextensions-apiserver-pkg-apis-apiextensions-v1-JSONSchemaProps[`object (undefined)`] -| +| | `properties` | xref:../objects/index.adoc#io-k8s-apiextensions-apiserver-pkg-apis-apiextensions-v1-JSONSchemaProps[`object (undefined)`] -| +| | `required` | `array (string)` -| +| | `title` | `string` -| +| | `type` | `string` -| +| | `uniqueItems` | `boolean` -| +| | `x-kubernetes-embedded-resource` | `boolean` @@ -5610,7 +5851,7 @@ Defaults to atomic for arrays. | x-kubernetes-preserve-unknown-fields stops the API server decoding step from pruning fields which are not specified in the validation schema. This affects fields recursively, but switches back to normal pruning behaviour if nested properties or additionalProperties are specified in the schema. This can either be true or undefined. False is forbidden. | `x-kubernetes-validations` -| `array (ValidationRule)` +| xref:../objects/index.adoc#io-k8s-apiextensions-apiserver-pkg-apis-apiextensions-v1-ValidationRule[`array (ValidationRule)`] | x-kubernetes-validations describes a list of validation rules written in the CEL expression language. |=== 
@@ -5638,7 +5879,7 @@ The serialization format is: (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.) - ::= "e" \| "E" + ::= "e" \| "E" No matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities. @@ -5686,6 +5927,7 @@ Required:: - `reason` - `message` + === Schema [cols="1,1,1",options="header"] @@ -5732,6 +5974,7 @@ Type:: `object` + === Schema [cols="1,1,1",options="header"] @@ -5763,7 +6006,7 @@ Type:: | Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both. | `preconditions` -| `Preconditions` +| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Preconditions[`Preconditions`] | Must be fulfilled before a deletion is carried out. If not possible, a 409 Conflict status will be returned. | `propagationPolicy` @@ -5804,6 +6047,7 @@ Required:: - `key` - `operator` + === Schema [cols="1,1,1",options="header"] @@ -5842,6 +6086,7 @@ Required:: - `version` - `kind` + === Schema [cols="1,1,1",options="header"] @@ -5850,15 +6095,15 @@ Required:: | `group` | `string` -| +| | `kind` | `string` -| +| | `version` | `string` -| +| |=== @@ -5876,6 +6121,7 @@ Type:: `object` + === Schema [cols="1,1,1",options="header"] @@ -5906,6 +6152,7 @@ Type:: `object` + === Schema [cols="1,1,1",options="header"] 
@@ -5913,7 +6160,7 @@ Type:: | Property | Type | Description | `matchExpressions` -| `array (LabelSelectorRequirement_v2)` +| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-LabelSelectorRequirement_v2[`array (LabelSelectorRequirement_v2)`] | matchExpressions is a list of label selector requirements. The requirements are ANDed. | `matchLabels` @@ -5939,6 +6186,7 @@ Required:: - `key` - `operator` + === Schema [cols="1,1,1",options="header"] @@ -5973,6 +6221,7 @@ Type:: `object` + === Schema [cols="1,1,1",options="header"] @@ -6026,6 +6275,7 @@ Type:: `object` + === Schema [cols="1,1,1",options="header"] @@ -6073,7 +6323,7 @@ Applied only if Name is not specified. More info: https://git.k8s.io/community/c | Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels | `managedFields` -| `array (ManagedFieldsEntry)` +| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-ManagedFieldsEntry[`array (ManagedFieldsEntry)`] | ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object. | `name` 
@@ -6087,7 +6337,7 @@ Applied only if Name is not specified. More info: https://git.k8s.io/community/c Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces | `ownerReferences` -| `array (OwnerReference)` +| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-OwnerReference[`array (OwnerReference)`] | List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller. | `resourceVersion` @@ -6122,6 +6372,7 @@ Type:: `object` + === Schema [cols="1,1,1",options="header"] @@ -6169,7 +6420,7 @@ Applied only if Name is not specified. More info: https://git.k8s.io/community/c | Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels | `managedFields` -| `array (ManagedFieldsEntry)` +| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-ManagedFieldsEntry[`array (ManagedFieldsEntry)`] | ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object. | `name` 
@@ -6183,7 +6434,7 @@ Applied only if Name is not specified. More info: https://git.k8s.io/community/c Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces | `ownerReferences` -| `array (OwnerReference)` +| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-OwnerReference[`array (OwnerReference)`] | List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller. | `resourceVersion` @@ -6218,6 +6469,7 @@ Type:: `object` + === Schema [cols="1,1,1",options="header"] @@ -6233,7 +6485,7 @@ Type:: | Suggested HTTP return code for this status, 0 if not set. | `details` -| `StatusDetails` +| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-StatusDetails[`StatusDetails`] | Extended data associated with the reason. Each reason may define its own extended details. This field is optional and the data returned is not guaranteed to conform to any schema except that defined by the reason type. | `kind` @@ -6272,6 +6524,7 @@ Type:: `object` + === Schema [cols="1,1,1",options="header"] @@ -6287,7 +6540,7 @@ Type:: | Suggested HTTP return code for this status, 0 if not set. | `details` -| `StatusDetails_v2` +| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-StatusDetails_v2[`StatusDetails_v2`] | Extended data associated with the reason. Each reason may define its own extended details. This field is optional and the data returned is not guaranteed to conform to any schema except that defined by the reason type. | `kind` @@ -6326,6 +6579,7 @@ Type:: `object` + === Schema [cols="1,1,1",options="header"] 
@@ -6341,7 +6595,7 @@ Type:: | Suggested HTTP return code for this status, 0 if not set. | `details` -| `StatusDetails_v2` +| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-StatusDetails_v2[`StatusDetails_v2`] | Extended data associated with the reason. Each reason may define its own extended details. This field is optional and the data returned is not guaranteed to conform to any schema except that defined by the reason type. | `kind` @@ -6380,6 +6634,7 @@ Type:: `object` + === Schema [cols="1,1,1",options="header"] @@ -6395,7 +6650,7 @@ Type:: | Suggested HTTP return code for this status, 0 if not set. | `details` -| `StatusDetails_v2` +| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-StatusDetails_v2[`StatusDetails_v2`] | Extended data associated with the reason. Each reason may define its own extended details. This field is optional and the data returned is not guaranteed to conform to any schema except that defined by the reason type. | `kind` @@ -6434,6 +6689,7 @@ Type:: `object` + === Schema [cols="1,1,1",options="header"] @@ -6449,7 +6705,7 @@ Type:: | Suggested HTTP return code for this status, 0 if not set. | `details` -| `StatusDetails_v2` +| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-StatusDetails_v2[`StatusDetails_v2`] | Extended data associated with the reason. Each reason may define its own extended details. This field is optional and the data returned is not guaranteed to conform to any schema except that defined by the reason type. | `kind` @@ -6488,6 +6744,7 @@ Type:: `object` + === Schema [cols="1,1,1",options="header"] 
@@ -6503,7 +6760,7 @@ Type:: | Suggested HTTP return code for this status, 0 if not set. | `details` -| `StatusDetails_v2` +| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-StatusDetails_v2[`StatusDetails_v2`] | Extended data associated with the reason. Each reason may define its own extended details. This field is optional and the data returned is not guaranteed to conform to any schema except that defined by the reason type. | `kind` @@ -6542,6 +6799,7 @@ Type:: `object` + === Schema [cols="1,1,1",options="header"] @@ -6557,7 +6815,7 @@ Type:: | Suggested HTTP return code for this status, 0 if not set. | `details` -| `StatusDetails_v2` +| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-StatusDetails_v2[`StatusDetails_v2`] | Extended data associated with the reason. Each reason may define its own extended details. This field is optional and the data returned is not guaranteed to conform to any schema except that defined by the reason type. | `kind` @@ -6596,6 +6854,7 @@ Type:: `object` + === Schema [cols="1,1,1",options="header"] @@ -6611,7 +6870,7 @@ Type:: | Suggested HTTP return code for this status, 0 if not set. | `details` -| `StatusDetails_v2` +| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-StatusDetails_v2[`StatusDetails_v2`] | Extended data associated with the reason. Each reason may define its own extended details. This field is optional and the data returned is not guaranteed to conform to any schema except that defined by the reason type. | `kind` @@ -6650,6 +6909,7 @@ Type:: `object` + === Schema [cols="1,1,1",options="header"] 
@@ -6665,7 +6925,7 @@ Type:: | Suggested HTTP return code for this status, 0 if not set. | `details` -| `StatusDetails_v2` +| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-StatusDetails_v2[`StatusDetails_v2`] | Extended data associated with the reason. Each reason may define its own extended details. This field is optional and the data returned is not guaranteed to conform to any schema except that defined by the reason type. | `kind` @@ -6722,6 +6982,7 @@ Required:: - `type` - `object` + === Schema [cols="1,1,1",options="header"] @@ -6738,7 +6999,7 @@ Required:: | `type` | `string` -| +| |=== @@ -6825,6 +7086,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -6865,6 +7127,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -6905,6 +7168,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -6945,6 +7209,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -6985,6 +7250,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -7025,6 +7291,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -7065,6 +7332,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -7105,6 +7373,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -7145,6 +7414,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -7185,6 +7455,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -7225,6 +7496,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -7265,6 +7537,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -7305,6 +7578,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -7345,6 +7619,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] 
@@ -7385,6 +7660,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -7425,6 +7701,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -7465,6 +7742,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -7505,6 +7783,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -7545,6 +7824,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -7585,6 +7865,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -7625,6 +7906,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -7665,6 +7947,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -7705,6 +7988,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -7745,6 +8029,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -7785,6 +8070,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -7825,6 +8111,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -7865,6 +8152,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -7905,6 +8193,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -7945,6 +8234,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -7985,6 +8275,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -8025,6 +8316,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -8065,6 +8357,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -8105,6 +8398,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -8145,6 +8439,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -8185,6 +8480,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] 
@@ -8225,6 +8521,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -8265,6 +8562,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -8305,6 +8603,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -8345,6 +8644,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -8385,6 +8685,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -8425,6 +8726,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -8465,6 +8767,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -8505,6 +8808,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -8545,6 +8849,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -8585,6 +8890,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -8625,6 +8931,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -8665,6 +8972,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -8705,6 +9013,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -8745,6 +9054,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -8785,6 +9095,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -8825,6 +9136,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -8865,6 +9177,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -8905,6 +9218,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -8945,6 +9259,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -8985,6 +9300,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -9025,6 +9341,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] 
@@ -9065,6 +9382,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -9105,6 +9423,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -9145,6 +9464,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -9185,6 +9505,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -9225,6 +9546,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -9265,6 +9587,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -9305,6 +9628,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -9345,6 +9669,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -9385,6 +9710,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -9425,6 +9751,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -9465,6 +9792,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -9505,6 +9833,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -9545,6 +9874,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -9585,6 +9915,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -9625,6 +9956,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -9665,6 +9997,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -9705,6 +10038,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -9745,6 +10079,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -9785,6 +10120,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -9825,6 +10161,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -9865,6 +10202,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] 
@@ -9905,6 +10243,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -9945,6 +10284,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -9985,6 +10325,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -10025,6 +10366,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -10065,6 +10407,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -10105,6 +10448,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -10145,6 +10489,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -10185,6 +10530,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -10225,6 +10571,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -10265,6 +10612,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -10305,6 +10653,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -10345,6 +10694,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -10385,6 +10735,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -10425,6 +10776,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -10465,6 +10817,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -10505,6 +10858,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -10545,6 +10899,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -10585,6 +10940,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -10625,6 +10981,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -10665,6 +11022,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] 
@@ -10705,6 +11063,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -10745,6 +11104,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -10785,6 +11145,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -10825,6 +11186,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -10865,6 +11227,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -10905,6 +11268,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -10945,6 +11309,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -10985,6 +11350,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -11025,6 +11391,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -11065,6 +11432,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -11105,6 +11473,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -11145,6 +11514,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -11185,6 +11555,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -11225,6 +11596,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -11265,6 +11637,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -11305,6 +11678,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -11345,6 +11719,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -11385,6 +11760,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] 
@@ -11409,6 +11785,47 @@ Required:: |=== +[id="io-operatorframework-olm-v1-ClusterExtensionRevisionList"] +== io.operatorframework.olm.v1.ClusterExtensionRevisionList schema + + +Description:: ++ +-- +ClusterExtensionRevisionList is a list of ClusterExtensionRevision +-- + +Type:: + `object` + +Required:: + - `items` + + +=== Schema + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + +| `items` +| xref:../operatorhub_apis/clusterextensionrevision-olm-operatorframework-io-v1.adoc#clusterextensionrevision-olm-operatorframework-io-v1[`array (ClusterExtensionRevision)`] +| List of clusterextensionrevisions. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md + +| `kind` +| `string` +| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `metadata` +| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-ListMeta[`ListMeta`] +| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +|=== + [id="io-x-k8s-cluster-infrastructure-v1beta1-Metal3RemediationList"] == io.x-k8s.cluster.infrastructure.v1beta1.Metal3RemediationList schema @@ -11425,6 +11842,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -11465,6 +11883,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] 
@@ -11505,6 +11924,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -11545,6 +11965,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -11585,6 +12006,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -11625,6 +12047,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -11665,6 +12088,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -11705,6 +12129,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -11745,6 +12170,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -11785,6 +12211,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] @@ -11825,6 +12252,7 @@ Type:: Required:: - `items` + === Schema [cols="1,1,1",options="header"] diff --git a/rest_api/operator_apis/dns-operator-openshift-io-v1.adoc b/rest_api/operator_apis/dns-operator-openshift-io-v1.adoc index 5b99f49da1..d5ae4660db 100644 --- a/rest_api/operator_apis/dns-operator-openshift-io-v1.adoc +++ b/rest_api/operator_apis/dns-operator-openshift-io-v1.adoc 
@@ -11,10 +11,15 @@ toc::[] Description:: + -- -DNS manages the CoreDNS component to provide a name resolution service for pods and services in the cluster. - This supports the DNS-based service discovery specification: https://github.com/kubernetes/dns/blob/master/docs/specification.md - More details: https://kubernetes.io/docs/tasks/administer-cluster/coredns - Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +DNS manages the CoreDNS component to provide a name resolution service +for pods and services in the cluster. + +This supports the DNS-based service discovery specification: +https://github.com/kubernetes/dns/blob/master/docs/specification.md + +More details: https://kubernetes.io/docs/tasks/administer-cluster/coredns + +Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). -- Type:: 
@@ -68,31 +73,65 @@ Type:: | `cache` | `object` -| cache describes the caching configuration that applies to all server blocks listed in the Corefile. This field allows a cluster admin to optionally configure: * positiveTTL which is a duration for which positive responses should be cached. * negativeTTL which is a duration for which negative responses should be cached. If this is not configured, OpenShift will configure positive and negative caching with a default value that is subject to change. At the time of writing, the default positiveTTL is 900 seconds and the default negativeTTL is 30 seconds or as noted in the respective Corefile for your version of OpenShift. +| cache describes the caching configuration that applies to all server blocks listed in the Corefile. +This field allows a cluster admin to optionally configure: +* positiveTTL which is a duration for which positive responses should be cached. +* negativeTTL which is a duration for which negative responses should be cached. +If this is not configured, OpenShift will configure positive and negative caching with a default value that is +subject to change. At the time of writing, the default positiveTTL is 900 seconds and the default negativeTTL is +30 seconds or as noted in the respective Corefile for your version of OpenShift. | `logLevel` | `string` -| logLevel describes the desired logging verbosity for CoreDNS. Any one of the following values may be specified: * Normal logs errors from upstream resolvers. * Debug logs errors, NXDOMAIN responses, and NODATA responses. * Trace logs errors and all responses. Setting logLevel: Trace will produce extremely verbose logs. Valid values are: "Normal", "Debug", "Trace". Defaults to "Normal". +| logLevel describes the desired logging verbosity for CoreDNS. +Any one of the following values may be specified: +* Normal logs errors from upstream resolvers. +* Debug logs errors, NXDOMAIN responses, and NODATA responses. +* Trace logs errors and all responses. 
+ Setting logLevel: Trace will produce extremely verbose logs. +Valid values are: "Normal", "Debug", "Trace". +Defaults to "Normal". | `managementState` | `string` -| managementState indicates whether the DNS operator should manage cluster DNS +| managementState indicates whether the DNS operator should manage cluster +DNS | `nodePlacement` | `object` -| nodePlacement provides explicit control over the scheduling of DNS pods. - Generally, it is useful to run a DNS pod on every node so that DNS queries are always handled by a local DNS pod instead of going over the network to a DNS pod on another node. However, security policies may require restricting the placement of DNS pods to specific nodes. For example, if a security policy prohibits pods on arbitrary nodes from communicating with the API, a node selector can be specified to restrict DNS pods to nodes that are permitted to communicate with the API. Conversely, if running DNS pods on nodes with a particular taint is desired, a toleration can be specified for that taint. - If unset, defaults are used. See nodePlacement for more details. +| nodePlacement provides explicit control over the scheduling of DNS +pods. + +Generally, it is useful to run a DNS pod on every node so that DNS +queries are always handled by a local DNS pod instead of going over +the network to a DNS pod on another node. However, security policies +may require restricting the placement of DNS pods to specific nodes. +For example, if a security policy prohibits pods on arbitrary nodes +from communicating with the API, a node selector can be specified to +restrict DNS pods to nodes that are permitted to communicate with the +API. Conversely, if running DNS pods on nodes with a particular +taint is desired, a toleration can be specified for that taint. + +If unset, defaults are used. See nodePlacement for more details. | `operatorLogLevel` | `string` -| operatorLogLevel controls the logging level of the DNS Operator. 
Valid values are: "Normal", "Debug", "Trace". Defaults to "Normal". setting operatorLogLevel: Trace will produce extremely verbose logs. +| operatorLogLevel controls the logging level of the DNS Operator. +Valid values are: "Normal", "Debug", "Trace". +Defaults to "Normal". +setting operatorLogLevel: Trace will produce extremely verbose logs. | `servers` | `array` -| servers is a list of DNS resolvers that provide name query delegation for one or more subdomains outside the scope of the cluster domain. If servers consists of more than one Server, longest suffix match will be used to determine the Server. - For example, if there are two Servers, one for "foo.com" and another for "a.foo.com", and the name query is for "www.a.foo.com", it will be routed to the Server with Zone "a.foo.com". - If this field is nil, no servers are created. +| servers is a list of DNS resolvers that provide name query delegation for one or +more subdomains outside the scope of the cluster domain. If servers consists of +more than one Server, longest suffix match will be used to determine the Server. + +For example, if there are two Servers, one for "foo.com" and another for "a.foo.com", +and the name query is for "www.a.foo.com", it will be routed to the Server with Zone +"a.foo.com". + +If this field is nil, no servers are created. | `servers[]` | `object` 
@@ -100,15 +139,25 @@ Type:: | `upstreamResolvers` | `object` -| upstreamResolvers defines a schema for configuring CoreDNS to proxy DNS messages to upstream resolvers for the case of the default (".") server - If this field is not specified, the upstream used will default to /etc/resolv.conf, with policy "sequential" +| upstreamResolvers defines a schema for configuring CoreDNS +to proxy DNS messages to upstream resolvers for the case of the +default (".") server + +If this field is not specified, the upstream used will default to +/etc/resolv.conf, with policy "sequential" |=== === .spec.cache Description:: + -- -cache describes the caching configuration that applies to all server blocks listed in the Corefile. This field allows a cluster admin to optionally configure: * positiveTTL which is a duration for which positive responses should be cached. * negativeTTL which is a duration for which negative responses should be cached. If this is not configured, OpenShift will configure positive and negative caching with a default value that is subject to change. At the time of writing, the default positiveTTL is 900 seconds and the default negativeTTL is 30 seconds or as noted in the respective Corefile for your version of OpenShift. +cache describes the caching configuration that applies to all server blocks listed in the Corefile. +This field allows a cluster admin to optionally configure: +* positiveTTL which is a duration for which positive responses should be cached. +* negativeTTL which is a duration for which negative responses should be cached. +If this is not configured, OpenShift will configure positive and negative caching with a default value that is +subject to change. At the time of writing, the default positiveTTL is 900 seconds and the default negativeTTL is +30 seconds or as noted in the respective Corefile for your version of OpenShift. -- Type:: 
@@ -123,22 +172,47 @@ Type:: | `negativeTTL` | `string` -| negativeTTL is optional and specifies the amount of time that a negative response should be cached. - If configured, it must be a value of 1s (1 second) or greater up to a theoretical maximum of several years. This field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. "100s", "1m30s", "12h30m10s". Values that are fractions of a second are rounded down to the nearest second. If the configured value is less than 1s, the default value will be used. If not configured, the value will be 0s and OpenShift will use a default value of 30 seconds unless noted otherwise in the respective Corefile for your version of OpenShift. The default value of 30 seconds is subject to change. +| negativeTTL is optional and specifies the amount of time that a negative response should be cached. + +If configured, it must be a value of 1s (1 second) or greater up to a theoretical maximum of several years. This +field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, +e.g. "100s", "1m30s", "12h30m10s". Values that are fractions of a second are rounded down to the nearest second. +If the configured value is less than 1s, the default value will be used. +If not configured, the value will be 0s and OpenShift will use a default value of 30 seconds unless noted +otherwise in the respective Corefile for your version of OpenShift. The default value of 30 seconds is subject +to change. | `positiveTTL` | `string` -| positiveTTL is optional and specifies the amount of time that a positive response should be cached. - If configured, it must be a value of 1s (1 second) or greater up to a theoretical maximum of several years. This field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. "100s", "1m30s", "12h30m10s". 
Values that are fractions of a second are rounded down to the nearest second. If the configured value is less than 1s, the default value will be used. If not configured, the value will be 0s and OpenShift will use a default value of 900 seconds unless noted otherwise in the respective Corefile for your version of OpenShift. The default value of 900 seconds is subject to change. +| positiveTTL is optional and specifies the amount of time that a positive response should be cached. + +If configured, it must be a value of 1s (1 second) or greater up to a theoretical maximum of several years. This +field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, +e.g. "100s", "1m30s", "12h30m10s". Values that are fractions of a second are rounded down to the nearest second. +If the configured value is less than 1s, the default value will be used. +If not configured, the value will be 0s and OpenShift will use a default value of 900 seconds unless noted +otherwise in the respective Corefile for your version of OpenShift. The default value of 900 seconds is subject +to change. |=== === .spec.nodePlacement Description:: + -- -nodePlacement provides explicit control over the scheduling of DNS pods. - Generally, it is useful to run a DNS pod on every node so that DNS queries are always handled by a local DNS pod instead of going over the network to a DNS pod on another node. However, security policies may require restricting the placement of DNS pods to specific nodes. For example, if a security policy prohibits pods on arbitrary nodes from communicating with the API, a node selector can be specified to restrict DNS pods to nodes that are permitted to communicate with the API. Conversely, if running DNS pods on nodes with a particular taint is desired, a toleration can be specified for that taint. - If unset, defaults are used. See nodePlacement for more details. 
+nodePlacement provides explicit control over the scheduling of DNS +pods. + +Generally, it is useful to run a DNS pod on every node so that DNS +queries are always handled by a local DNS pod instead of going over +the network to a DNS pod on another node. However, security policies +may require restricting the placement of DNS pods to specific nodes. +For example, if a security policy prohibits pods on arbitrary nodes +from communicating with the API, a node selector can be specified to +restrict DNS pods to nodes that are permitted to communicate with the +API. Conversely, if running DNS pods on nodes with a particular +taint is desired, a toleration can be specified for that taint. + +If unset, defaults are used. See nodePlacement for more details. -- Type:: 
@@ -153,30 +227,49 @@ Type:: | `nodeSelector` | `object (string)` -| nodeSelector is the node selector applied to DNS pods. - If empty, the default is used, which is currently the following: - kubernetes.io/os: linux - This default is subject to change. - If set, the specified selector is used and replaces the default. +| nodeSelector is the node selector applied to DNS pods. + +If empty, the default is used, which is currently the following: + + kubernetes.io/os: linux + +This default is subject to change. + +If set, the specified selector is used and replaces the default. | `tolerations` | `array` -| tolerations is a list of tolerations applied to DNS pods. - If empty, the DNS operator sets a toleration for the "node-role.kubernetes.io/master" taint. This default is subject to change. Specifying tolerations without including a toleration for the "node-role.kubernetes.io/master" taint may be risky as it could lead to an outage if all worker nodes become unavailable. - Note that the daemon controller adds some tolerations as well. See https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ +| tolerations is a list of tolerations applied to DNS pods. + +If empty, the DNS operator sets a toleration for the +"node-role.kubernetes.io/master" taint. This default is subject to +change. Specifying tolerations without including a toleration for +the "node-role.kubernetes.io/master" taint may be risky as it could +lead to an outage if all worker nodes become unavailable. + +Note that the daemon controller adds some tolerations as well. See +https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ | `tolerations[]` | `object` -| The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . +| The pod this Toleration is attached to tolerates any taint that matches +the triple using the matching operator . 
|=== === .spec.nodePlacement.tolerations Description:: + -- -tolerations is a list of tolerations applied to DNS pods. - If empty, the DNS operator sets a toleration for the "node-role.kubernetes.io/master" taint. This default is subject to change. Specifying tolerations without including a toleration for the "node-role.kubernetes.io/master" taint may be risky as it could lead to an outage if all worker nodes become unavailable. - Note that the daemon controller adds some tolerations as well. See https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ +tolerations is a list of tolerations applied to DNS pods. + +If empty, the DNS operator sets a toleration for the +"node-role.kubernetes.io/master" taint. This default is subject to +change. Specifying tolerations without including a toleration for +the "node-role.kubernetes.io/master" taint may be risky as it could +lead to an outage if all worker nodes become unavailable. + +Note that the daemon controller adds some tolerations as well. See +https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ -- Type:: @@ -189,7 +282,8 @@ Type:: Description:: + -- -The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . +The pod this Toleration is attached to tolerates any taint that matches +the triple using the matching operator . -- Type:: 
@@ -204,32 +298,47 @@ Type:: | `effect` | `string` -| Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. +| Effect indicates the taint effect to match. Empty means match all taint effects. +When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. | `key` | `string` -| Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. +| Key is the taint key that the toleration applies to. Empty means match all taint keys. +If the key is empty, operator must be Exists; this combination means to match all values and all keys. | `operator` | `string` -| Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. +| Operator represents a key's relationship to the value. +Valid operators are Exists and Equal. Defaults to Equal. +Exists is equivalent to wildcard for value, so that a pod can +tolerate all taints of a particular category. | `tolerationSeconds` | `integer` -| TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. +| TolerationSeconds represents the period of time the toleration (which must be +of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, +it is not set, which means tolerate the taint forever (do not evict). Zero and +negative values will be treated as 0 (evict immediately) by the system. 
| `value` | `string` -| Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. +| Value is the taint value the toleration matches to. +If the operator is Exists, the value should be empty, otherwise just a regular string. |=== === .spec.servers Description:: + -- -servers is a list of DNS resolvers that provide name query delegation for one or more subdomains outside the scope of the cluster domain. If servers consists of more than one Server, longest suffix match will be used to determine the Server. - For example, if there are two Servers, one for "foo.com" and another for "a.foo.com", and the name query is for "www.a.foo.com", it will be routed to the Server with Zone "a.foo.com". - If this field is nil, no servers are created. +servers is a list of DNS resolvers that provide name query delegation for one or +more subdomains outside the scope of the cluster domain. If servers consists of +more than one Server, longest suffix match will be used to determine the Server. + +For example, if there are two Servers, one for "foo.com" and another for "a.foo.com", +and the name query is for "www.a.foo.com", it will be routed to the Server with Zone +"a.foo.com". + +If this field is nil, no servers are created. -- Type:: 
@@ -257,22 +366,27 @@ Type:: | `forwardPlugin` | `object` -| forwardPlugin defines a schema for configuring CoreDNS to proxy DNS messages to upstream resolvers. +| forwardPlugin defines a schema for configuring CoreDNS to proxy DNS messages +to upstream resolvers. | `name` | `string` -| name is required and specifies a unique name for the server. Name must comply with the Service Name Syntax of rfc6335. +| name is required and specifies a unique name for the server. Name must comply +with the Service Name Syntax of rfc6335. | `zones` | `array (string)` -| zones is required and specifies the subdomains that Server is authoritative for. Zones must conform to the rfc1123 definition of a subdomain. Specifying the cluster domain (i.e., "cluster.local") is invalid. +| zones is required and specifies the subdomains that Server is authoritative for. +Zones must conform to the rfc1123 definition of a subdomain. Specifying the +cluster domain (i.e., "cluster.local") is invalid. |=== === .spec.servers[].forwardPlugin Description:: + -- -forwardPlugin defines a schema for configuring CoreDNS to proxy DNS messages to upstream resolvers. +forwardPlugin defines a schema for configuring CoreDNS to proxy DNS messages +to upstream resolvers. -- Type:: 
@@ -287,31 +401,60 @@ Type:: | `policy` | `string` -| policy is used to determine the order in which upstream servers are selected for querying. Any one of the following values may be specified: - * "Random" picks a random upstream server for each query. * "RoundRobin" picks upstream servers in a round-robin order, moving to the next server for each new query. * "Sequential" tries querying upstream servers in a sequential order until one responds, starting with the first server for each new query. - The default value is "Random" +| policy is used to determine the order in which upstream servers are selected for querying. +Any one of the following values may be specified: + +* "Random" picks a random upstream server for each query. +* "RoundRobin" picks upstream servers in a round-robin order, moving to the next server for each new query. +* "Sequential" tries querying upstream servers in a sequential order until one responds, starting with the first server for each new query. + +The default value is "Random" | `protocolStrategy` | `string` -| protocolStrategy specifies the protocol to use for upstream DNS requests. Valid values for protocolStrategy are "TCP" and omitted. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is to use the protocol of the original client request. "TCP" specifies that the platform should use TCP for all upstream DNS requests, even if the client request uses UDP. "TCP" is useful for UDP-specific issues such as those created by non-compliant upstream resolvers, but may consume more bandwidth or increase DNS response time. Note that protocolStrategy only affects the protocol of DNS requests that CoreDNS makes to upstream resolvers. It does not affect the protocol of DNS requests between clients and CoreDNS. +| protocolStrategy specifies the protocol to use for upstream DNS +requests. +Valid values for protocolStrategy are "TCP" and omitted. 
+When omitted, this means no opinion and the platform is left to choose +a reasonable default, which is subject to change over time. +The current default is to use the protocol of the original client request. +"TCP" specifies that the platform should use TCP for all upstream DNS requests, +even if the client request uses UDP. +"TCP" is useful for UDP-specific issues such as those created by +non-compliant upstream resolvers, but may consume more bandwidth or +increase DNS response time. Note that protocolStrategy only affects +the protocol of DNS requests that CoreDNS makes to upstream resolvers. +It does not affect the protocol of DNS requests between clients and +CoreDNS. | `transportConfig` | `object` -| transportConfig is used to configure the transport type, server name, and optional custom CA or CA bundle to use when forwarding DNS requests to an upstream resolver. - The default value is "" (empty) which results in a standard cleartext connection being used when forwarding DNS requests to an upstream resolver. +| transportConfig is used to configure the transport type, server name, and optional custom CA or CA bundle to use +when forwarding DNS requests to an upstream resolver. + +The default value is "" (empty) which results in a standard cleartext connection being used when forwarding DNS +requests to an upstream resolver. | `upstreams` | `array (string)` -| upstreams is a list of resolvers to forward name queries for subdomains of Zones. Each instance of CoreDNS performs health checking of Upstreams. When a healthy upstream returns an error during the exchange, another resolver is tried from Upstreams. The Upstreams are selected in the order specified in Policy. Each upstream is represented by an IP address or IP:port if the upstream listens on a port other than 53. - A maximum of 15 upstreams is allowed per ForwardPlugin. +| upstreams is a list of resolvers to forward name queries for subdomains of Zones. 
+Each instance of CoreDNS performs health checking of Upstreams. When a healthy upstream +returns an error during the exchange, another resolver is tried from Upstreams. The +Upstreams are selected in the order specified in Policy. Each upstream is represented +by an IP address or IP:port if the upstream listens on a port other than 53. + +A maximum of 15 upstreams is allowed per ForwardPlugin. |=== === .spec.servers[].forwardPlugin.transportConfig Description:: + -- -transportConfig is used to configure the transport type, server name, and optional custom CA or CA bundle to use when forwarding DNS requests to an upstream resolver. - The default value is "" (empty) which results in a standard cleartext connection being used when forwarding DNS requests to an upstream resolver. +transportConfig is used to configure the transport type, server name, and optional custom CA or CA bundle to use +when forwarding DNS requests to an upstream resolver. + +The default value is "" (empty) which results in a standard cleartext connection being used when forwarding DNS +requests to an upstream resolver. -- Type:: 
@@ -330,8 +473,21 @@ Type:: | `transport` | `string` -| transport allows cluster administrators to opt-in to using a DNS-over-TLS connection between cluster DNS and an upstream resolver(s). Configuring TLS as the transport at this level without configuring a CABundle will result in the system certificates being used to verify the serving certificate of the upstream resolver(s). - Possible values: "" (empty) - This means no explicit choice has been made and the platform chooses the default which is subject to change over time. The current default is "Cleartext". "Cleartext" - Cluster admin specified cleartext option. This results in the same functionality as an empty value but may be useful when a cluster admin wants to be more explicit about the transport, or wants to switch from "TLS" to "Cleartext" explicitly. "TLS" - This indicates that DNS queries should be sent over a TLS connection. If Transport is set to TLS, you MUST also set ServerName. If a port is not included with the upstream IP, port 853 will be tried by default per RFC 7858 section 3.1; https://datatracker.ietf.org/doc/html/rfc7858#section-3.1. +| transport allows cluster administrators to opt-in to using a DNS-over-TLS +connection between cluster DNS and an upstream resolver(s). Configuring +TLS as the transport at this level without configuring a CABundle will +result in the system certificates being used to verify the serving +certificate of the upstream resolver(s). + +Possible values: +"" (empty) - This means no explicit choice has been made and the platform chooses the default which is subject +to change over time. The current default is "Cleartext". +"Cleartext" - Cluster admin specified cleartext option. This results in the same functionality +as an empty value but may be useful when a cluster admin wants to be more explicit about the transport, +or wants to switch from "TLS" to "Cleartext" explicitly. +"TLS" - This indicates that DNS queries should be sent over a TLS connection. 
If Transport is set to TLS, +you MUST also set ServerName. If a port is not included with the upstream IP, port 853 will be tried by default +per RFC 7858 section 3.1; https://datatracker.ietf.org/doc/html/rfc7858#section-3.1. |=== === .spec.servers[].forwardPlugin.transportConfig.tls 
@@ -355,20 +511,34 @@ Required:: | `caBundle` | `object` -| caBundle references a ConfigMap that must contain either a single CA Certificate or a CA Bundle. This allows cluster administrators to provide their own CA or CA bundle for validating the certificate of upstream resolvers. - 1. The configmap must contain a `ca-bundle.crt` key. 2. The value must be a PEM encoded CA certificate or CA bundle. 3. The administrator must create this configmap in the openshift-config namespace. 4. The upstream server certificate must contain a Subject Alternative Name (SAN) that matches ServerName. +| caBundle references a ConfigMap that must contain either a single +CA Certificate or a CA Bundle. This allows cluster administrators to provide their +own CA or CA bundle for validating the certificate of upstream resolvers. + +1. The configmap must contain a `ca-bundle.crt` key. +2. The value must be a PEM encoded CA certificate or CA bundle. +3. The administrator must create this configmap in the openshift-config namespace. +4. The upstream server certificate must contain a Subject Alternative Name (SAN) that matches ServerName. | `serverName` | `string` -| serverName is the upstream server to connect to when forwarding DNS queries. This is required when Transport is set to "TLS". ServerName will be validated against the DNS naming conventions in RFC 1123 and should match the TLS certificate installed in the upstream resolver(s). +| serverName is the upstream server to connect to when forwarding DNS queries. This is required when Transport is +set to "TLS". ServerName will be validated against the DNS naming conventions in RFC 1123 and should match the +TLS certificate installed in the upstream resolver(s). |=== === .spec.servers[].forwardPlugin.transportConfig.tls.caBundle Description:: + -- -caBundle references a ConfigMap that must contain either a single CA Certificate or a CA Bundle. 
This allows cluster administrators to provide their own CA or CA bundle for validating the certificate of upstream resolvers. - 1. The configmap must contain a `ca-bundle.crt` key. 2. The value must be a PEM encoded CA certificate or CA bundle. 3. The administrator must create this configmap in the openshift-config namespace. 4. The upstream server certificate must contain a Subject Alternative Name (SAN) that matches ServerName. +caBundle references a ConfigMap that must contain either a single +CA Certificate or a CA Bundle. This allows cluster administrators to provide their +own CA or CA bundle for validating the certificate of upstream resolvers. + +1. The configmap must contain a `ca-bundle.crt` key. +2. The value must be a PEM encoded CA certificate or CA bundle. +3. The administrator must create this configmap in the openshift-config namespace. +4. The upstream server certificate must contain a Subject Alternative Name (SAN) that matches ServerName. -- Type:: @@ -392,8 +562,12 @@ Required:: Description:: + -- -upstreamResolvers defines a schema for configuring CoreDNS to proxy DNS messages to upstream resolvers for the case of the default (".") server - If this field is not specified, the upstream used will default to /etc/resolv.conf, with policy "sequential" +upstreamResolvers defines a schema for configuring CoreDNS +to proxy DNS messages to upstream resolvers for the case of the +default (".") server + +If this field is not specified, the upstream used will default to +/etc/resolv.conf, with policy "sequential" -- Type:: 
@@ -408,36 +582,69 @@ Type:: | `policy` | `string` -| Policy is used to determine the order in which upstream servers are selected for querying. Any one of the following values may be specified: - * "Random" picks a random upstream server for each query. * "RoundRobin" picks upstream servers in a round-robin order, moving to the next server for each new query. * "Sequential" tries querying upstream servers in a sequential order until one responds, starting with the first server for each new query. - The default value is "Sequential" +| policy is used to determine the order in which upstream servers are selected for querying. +Any one of the following values may be specified: + +* "Random" picks a random upstream server for each query. +* "RoundRobin" picks upstream servers in a round-robin order, moving to the next server for each new query. +* "Sequential" tries querying upstream servers in a sequential order until one responds, starting with the first server for each new query. + +The default value is "Sequential" | `protocolStrategy` | `string` -| protocolStrategy specifies the protocol to use for upstream DNS requests. Valid values for protocolStrategy are "TCP" and omitted. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is to use the protocol of the original client request. "TCP" specifies that the platform should use TCP for all upstream DNS requests, even if the client request uses UDP. "TCP" is useful for UDP-specific issues such as those created by non-compliant upstream resolvers, but may consume more bandwidth or increase DNS response time. Note that protocolStrategy only affects the protocol of DNS requests that CoreDNS makes to upstream resolvers. It does not affect the protocol of DNS requests between clients and CoreDNS. +| protocolStrategy specifies the protocol to use for upstream DNS +requests. 
+Valid values for protocolStrategy are "TCP" and omitted. +When omitted, this means no opinion and the platform is left to choose +a reasonable default, which is subject to change over time. +The current default is to use the protocol of the original client request. +"TCP" specifies that the platform should use TCP for all upstream DNS requests, +even if the client request uses UDP. +"TCP" is useful for UDP-specific issues such as those created by +non-compliant upstream resolvers, but may consume more bandwidth or +increase DNS response time. Note that protocolStrategy only affects +the protocol of DNS requests that CoreDNS makes to upstream resolvers. +It does not affect the protocol of DNS requests between clients and +CoreDNS. | `transportConfig` | `object` -| transportConfig is used to configure the transport type, server name, and optional custom CA or CA bundle to use when forwarding DNS requests to an upstream resolver. - The default value is "" (empty) which results in a standard cleartext connection being used when forwarding DNS requests to an upstream resolver. +| transportConfig is used to configure the transport type, server name, and optional custom CA or CA bundle to use +when forwarding DNS requests to an upstream resolver. + +The default value is "" (empty) which results in a standard cleartext connection being used when forwarding DNS +requests to an upstream resolver. | `upstreams` | `array` -| Upstreams is a list of resolvers to forward name queries for the "." domain. Each instance of CoreDNS performs health checking of Upstreams. When a healthy upstream returns an error during the exchange, another resolver is tried from Upstreams. The Upstreams are selected in the order specified in Policy. - A maximum of 15 upstreams is allowed per ForwardPlugin. If no Upstreams are specified, /etc/resolv.conf is used by default +| upstreams is a list of resolvers to forward name queries for the "." domain. 
+Each instance of CoreDNS performs health checking of Upstreams. When a healthy upstream +returns an error during the exchange, another resolver is tried from Upstreams. The +Upstreams are selected in the order specified in Policy. + +A maximum of 15 upstreams is allowed per ForwardPlugin. +If no Upstreams are specified, /etc/resolv.conf is used by default | `upstreams[]` | `object` -| Upstream can either be of type SystemResolvConf, or of type Network. - - For an Upstream of type SystemResolvConf, no further fields are necessary: The upstream will be configured to use /etc/resolv.conf. - For an Upstream of type Network, a NetworkResolver field needs to be defined with an IP address or IP:port if the upstream listens on a port other than 53. +| Upstream can either be of type SystemResolvConf, or of type Network. + + - For an Upstream of type SystemResolvConf, no further fields are necessary: + The upstream will be configured to use /etc/resolv.conf. + - For an Upstream of type Network, a NetworkResolver field needs to be defined + with an IP address or IP:port if the upstream listens on a port other than 53. |=== === .spec.upstreamResolvers.transportConfig Description:: + -- -transportConfig is used to configure the transport type, server name, and optional custom CA or CA bundle to use when forwarding DNS requests to an upstream resolver. - The default value is "" (empty) which results in a standard cleartext connection being used when forwarding DNS requests to an upstream resolver. +transportConfig is used to configure the transport type, server name, and optional custom CA or CA bundle to use +when forwarding DNS requests to an upstream resolver. + +The default value is "" (empty) which results in a standard cleartext connection being used when forwarding DNS +requests to an upstream resolver. -- Type:: 
@@ -456,8 +663,21 @@ Type:: | `transport` | `string` -| transport allows cluster administrators to opt-in to using a DNS-over-TLS connection between cluster DNS and an upstream resolver(s). Configuring TLS as the transport at this level without configuring a CABundle will result in the system certificates being used to verify the serving certificate of the upstream resolver(s). - Possible values: "" (empty) - This means no explicit choice has been made and the platform chooses the default which is subject to change over time. The current default is "Cleartext". "Cleartext" - Cluster admin specified cleartext option. This results in the same functionality as an empty value but may be useful when a cluster admin wants to be more explicit about the transport, or wants to switch from "TLS" to "Cleartext" explicitly. "TLS" - This indicates that DNS queries should be sent over a TLS connection. If Transport is set to TLS, you MUST also set ServerName. If a port is not included with the upstream IP, port 853 will be tried by default per RFC 7858 section 3.1; https://datatracker.ietf.org/doc/html/rfc7858#section-3.1. +| transport allows cluster administrators to opt-in to using a DNS-over-TLS +connection between cluster DNS and an upstream resolver(s). Configuring +TLS as the transport at this level without configuring a CABundle will +result in the system certificates being used to verify the serving +certificate of the upstream resolver(s). + +Possible values: +"" (empty) - This means no explicit choice has been made and the platform chooses the default which is subject +to change over time. The current default is "Cleartext". +"Cleartext" - Cluster admin specified cleartext option. This results in the same functionality +as an empty value but may be useful when a cluster admin wants to be more explicit about the transport, +or wants to switch from "TLS" to "Cleartext" explicitly. +"TLS" - This indicates that DNS queries should be sent over a TLS connection. 
If Transport is set to TLS, +you MUST also set ServerName. If a port is not included with the upstream IP, port 853 will be tried by default +per RFC 7858 section 3.1; https://datatracker.ietf.org/doc/html/rfc7858#section-3.1. |=== === .spec.upstreamResolvers.transportConfig.tls 
@@ -481,20 +701,34 @@ Required:: | `caBundle` | `object` -| caBundle references a ConfigMap that must contain either a single CA Certificate or a CA Bundle. This allows cluster administrators to provide their own CA or CA bundle for validating the certificate of upstream resolvers. - 1. The configmap must contain a `ca-bundle.crt` key. 2. The value must be a PEM encoded CA certificate or CA bundle. 3. The administrator must create this configmap in the openshift-config namespace. 4. The upstream server certificate must contain a Subject Alternative Name (SAN) that matches ServerName. +| caBundle references a ConfigMap that must contain either a single +CA Certificate or a CA Bundle. This allows cluster administrators to provide their +own CA or CA bundle for validating the certificate of upstream resolvers. + +1. The configmap must contain a `ca-bundle.crt` key. +2. The value must be a PEM encoded CA certificate or CA bundle. +3. The administrator must create this configmap in the openshift-config namespace. +4. The upstream server certificate must contain a Subject Alternative Name (SAN) that matches ServerName. | `serverName` | `string` -| serverName is the upstream server to connect to when forwarding DNS queries. This is required when Transport is set to "TLS". ServerName will be validated against the DNS naming conventions in RFC 1123 and should match the TLS certificate installed in the upstream resolver(s). +| serverName is the upstream server to connect to when forwarding DNS queries. This is required when Transport is +set to "TLS". ServerName will be validated against the DNS naming conventions in RFC 1123 and should match the +TLS certificate installed in the upstream resolver(s). |=== === .spec.upstreamResolvers.transportConfig.tls.caBundle Description:: + -- -caBundle references a ConfigMap that must contain either a single CA Certificate or a CA Bundle. 
This allows cluster administrators to provide their own CA or CA bundle for validating the certificate of upstream resolvers. - 1. The configmap must contain a `ca-bundle.crt` key. 2. The value must be a PEM encoded CA certificate or CA bundle. 3. The administrator must create this configmap in the openshift-config namespace. 4. The upstream server certificate must contain a Subject Alternative Name (SAN) that matches ServerName. +caBundle references a ConfigMap that must contain either a single +CA Certificate or a CA Bundle. This allows cluster administrators to provide their +own CA or CA bundle for validating the certificate of upstream resolvers. + +1. The configmap must contain a `ca-bundle.crt` key. +2. The value must be a PEM encoded CA certificate or CA bundle. +3. The administrator must create this configmap in the openshift-config namespace. +4. The upstream server certificate must contain a Subject Alternative Name (SAN) that matches ServerName. -- Type:: @@ -518,8 +752,13 @@ Required:: Description:: + -- -Upstreams is a list of resolvers to forward name queries for the "." domain. Each instance of CoreDNS performs health checking of Upstreams. When a healthy upstream returns an error during the exchange, another resolver is tried from Upstreams. The Upstreams are selected in the order specified in Policy. - A maximum of 15 upstreams is allowed per ForwardPlugin. If no Upstreams are specified, /etc/resolv.conf is used by default +upstreams is a list of resolvers to forward name queries for the "." domain. +Each instance of CoreDNS performs health checking of Upstreams. When a healthy upstream +returns an error during the exchange, another resolver is tried from Upstreams. The +Upstreams are selected in the order specified in Policy. + +A maximum of 15 upstreams is allowed per ForwardPlugin. +If no Upstreams are specified, /etc/resolv.conf is used by default -- Type:: 
@@ -532,8 +771,12 @@ Type:: Description:: + -- -Upstream can either be of type SystemResolvConf, or of type Network. - - For an Upstream of type SystemResolvConf, no further fields are necessary: The upstream will be configured to use /etc/resolv.conf. - For an Upstream of type Network, a NetworkResolver field needs to be defined with an IP address or IP:port if the upstream listens on a port other than 53. +Upstream can either be of type SystemResolvConf, or of type Network. + + - For an Upstream of type SystemResolvConf, no further fields are necessary: + The upstream will be configured to use /etc/resolv.conf. + - For an Upstream of type Network, a NetworkResolver field needs to be defined + with an IP address or IP:port if the upstream listens on a port other than 53. -- Type:: 
@@ -550,16 +793,22 @@ Required:: | `address` | `string` -| Address must be defined when Type is set to Network. It will be ignored otherwise. It must be a valid ipv4 or ipv6 address. +| address must be defined when Type is set to Network. It will be ignored otherwise. +It must be a valid ipv4 or ipv6 address. | `port` | `integer` -| Port may be defined when Type is set to Network. It will be ignored otherwise. Port must be between 65535 +| port may be defined when Type is set to Network. It will be ignored otherwise. +Port must be between 65535 | `type` | `string` -| Type defines whether this upstream contains an IP/IP:port resolver or the local /etc/resolv.conf. Type accepts 2 possible values: SystemResolvConf or Network. - * When SystemResolvConf is used, the Upstream structure does not require any further fields to be defined: /etc/resolv.conf will be used * When Network is used, the Upstream structure must contain at least an Address +| type defines whether this upstream contains an IP/IP:port resolver or the local /etc/resolv.conf. +Type accepts 2 possible values: SystemResolvConf or Network. + +* When SystemResolvConf is used, the Upstream structure does not require any further fields to be defined: + /etc/resolv.conf will be used +* When Network is used, the Upstream structure must contain at least an Address |=== === .status 
@@ -584,21 +833,36 @@ Required:: | `clusterDomain` | `string` -| clusterDomain is the local cluster DNS domain suffix for DNS services. This will be a subdomain as defined in RFC 1034, section 3.5: https://tools.ietf.org/html/rfc1034#section-3.5 Example: "cluster.local" - More info: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service +| clusterDomain is the local cluster DNS domain suffix for DNS services. +This will be a subdomain as defined in RFC 1034, +section 3.5: https://tools.ietf.org/html/rfc1034#section-3.5 +Example: "cluster.local" + +More info: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service | `clusterIP` | `string` -| clusterIP is the service IP through which this DNS is made available. - In the case of the default DNS, this will be a well known IP that is used as the default nameserver for pods that are using the default ClusterFirst DNS policy. - In general, this IP can be specified in a pod's spec.dnsConfig.nameservers list or used explicitly when performing name resolution from within the cluster. Example: dig foo.com @ - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies +| clusterIP is the service IP through which this DNS is made available. + +In the case of the default DNS, this will be a well known IP that is used +as the default nameserver for pods that are using the default ClusterFirst DNS policy. + +In general, this IP can be specified in a pod's spec.dnsConfig.nameservers list +or used explicitly when performing name resolution from within the cluster. +Example: dig foo.com @ + +More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies | `conditions` | `array` -| conditions provide information about the state of the DNS on the cluster. - These are the supported DNS conditions: - * Available - True if the following conditions are met: * DNS controller daemonset is available. 
- False if any of those conditions are unsatisfied. +| conditions provide information about the state of the DNS on the cluster. + +These are the supported DNS conditions: + + * Available + - True if the following conditions are met: + * DNS controller daemonset is available. + - False if any of those conditions are unsatisfied. | `conditions[]` | `object` @@ -609,9 +873,14 @@ Required:: Description:: + -- -conditions provide information about the state of the DNS on the cluster. - These are the supported DNS conditions: - * Available - True if the following conditions are met: * DNS controller daemonset is available. - False if any of those conditions are unsatisfied. +conditions provide information about the state of the DNS on the cluster. + +These are the supported DNS conditions: + + * Available + - True if the following conditions are met: + * DNS controller daemonset is available. + - False if any of those conditions are unsatisfied. -- Type:: @@ -631,6 +900,8 @@ Type:: `object` Required:: + - `lastTransitionTime` + - `status` - `type` @@ -641,7 +912,8 @@ Required:: | `lastTransitionTime` | `string` -| +| lastTransitionTime is the last time the condition transitioned from one status to another. +This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. | `message` | `string` @@ -653,11 +925,11 @@ Required:: | `status` | `string` -| +| status of the condition, one of True, False, Unknown. | `type` | `string` -| +| type of condition in CamelCase or in foo.example.com/CamelCase. |=== diff --git a/rest_api/operator_apis/ingresscontroller-operator-openshift-io-v1.adoc b/rest_api/operator_apis/ingresscontroller-operator-openshift-io-v1.adoc index 809332f32e..548ee1d84b 100644 --- a/rest_api/operator_apis/ingresscontroller-operator-openshift-io-v1.adoc +++ b/rest_api/operator_apis/ingresscontroller-operator-openshift-io-v1.adoc 
@@ -1059,7 +1059,7 @@ Type:: | `string` | protocol specifies whether the load balancer uses PROXY protocol to forward connections to the IngressController. See "service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features: -"proxy-protocol"" at https://cloud.ibm.com/docs/containers?topic=containers-vpc-lbaas +"proxy-protocol"" at https://cloud.ibm.com/docs/containers?topic=containers-vpc-lbaas" PROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when @@ -3014,11 +3014,11 @@ This should be when the underlying condition changed. If that is not known, the | `message` | `string` -| +| | `reason` | `string` -| +| | `status` | `string` @@ -3614,7 +3614,7 @@ Type:: | `string` | protocol specifies whether the load balancer uses PROXY protocol to forward connections to the IngressController. See "service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features: -"proxy-protocol"" at https://cloud.ibm.com/docs/containers?topic=containers-vpc-lbaas +"proxy-protocol"" at https://cloud.ibm.com/docs/containers?topic=containers-vpc-lbaas" PROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when @@ -4078,7 +4078,7 @@ Description:: | Parameter | Type | Description | `body` | xref:../operator_apis/ingresscontroller-operator-openshift-io-v1.adoc#ingresscontroller-operator-openshift-io-v1[`IngressController`] schema -| +| |=== .HTTP responses @@ -4211,7 +4211,7 @@ Description:: | Parameter | Type | Description | `body` | xref:../operator_apis/ingresscontroller-operator-openshift-io-v1.adoc#ingresscontroller-operator-openshift-io-v1[`IngressController`] schema -| +| |=== .HTTP responses @@ -4313,7 +4313,7 @@ Description:: | Parameter | Type | Description | `body` | xref:../autoscale_apis/scale-autoscaling-v1.adoc#scale-autoscaling-v1[`Scale`] schema -| +| |=== .HTTP responses 
@@ -4415,7 +4415,7 @@ Description:: | Parameter | Type | Description | `body` | xref:../operator_apis/ingresscontroller-operator-openshift-io-v1.adoc#ingresscontroller-operator-openshift-io-v1[`IngressController`] schema -| +| |=== .HTTP responses diff --git a/rest_api/operator_apis/machineconfiguration-operator-openshift-io-v1.adoc b/rest_api/operator_apis/machineconfiguration-operator-openshift-io-v1.adoc index c326273efc..116d9cacb3 100644 --- a/rest_api/operator_apis/machineconfiguration-operator-openshift-io-v1.adoc +++ b/rest_api/operator_apis/machineconfiguration-operator-openshift-io-v1.adoc @@ -213,8 +213,9 @@ machine.openshift.io means that the machine manager will only register resources | `resource` | `string` | resource is the machine management resource's type. -The only current valid value is machinesets. +Valid values are machinesets and controlplanemachinesets. machinesets means that the machine manager will only register resources of the kind MachineSet. +controlplanemachinesets means that the machine manager will only register resources of the kind ControlPlaneMachineSet. | `selection` | `object` @@ -243,9 +244,10 @@ Required:: | `mode` | `string` | mode determines how machine managers will be selected for updates. -Valid values are All and Partial. +Valid values are All, Partial and None. All means that every resource matched by the machine manager will be updated. Partial requires specified selector(s) and allows customisation of which resources matched by the machine manager will be updated. +Partial is not permitted for the controlplanemachinesets resource type as they are a singleton within the cluster. None means that every resource matched by the machine manager will not be updated. | `partial` 
@@ -1060,8 +1062,9 @@ machine.openshift.io means that the machine manager will only register resources | `resource` | `string` | resource is the machine management resource's type. -The only current valid value is machinesets. +Valid values are machinesets and controlplanemachinesets. machinesets means that the machine manager will only register resources of the kind MachineSet. +controlplanemachinesets means that the machine manager will only register resources of the kind ControlPlaneMachineSet. | `selection` | `object` @@ -1090,9 +1093,10 @@ Required:: | `mode` | `string` | mode determines how machine managers will be selected for updates. -Valid values are All and Partial. +Valid values are All, Partial and None. All means that every resource matched by the machine manager will be updated. Partial requires specified selector(s) and allows customisation of which resources matched by the machine manager will be updated. +Partial is not permitted for the controlplanemachinesets resource type as they are a singleton within the cluster. None means that every resource matched by the machine manager will not be updated. | `partial` diff --git a/rest_api/operator_apis/operator-apis-index.adoc b/rest_api/operator_apis/operator-apis-index.adoc index f629fed267..0f0a0732e9 100644 --- a/rest_api/operator_apis/operator-apis-index.adoc +++ b/rest_api/operator_apis/operator-apis-index.adoc 
@@ -119,10 +119,15 @@ Type:: Description:: + -- -DNS manages the CoreDNS component to provide a name resolution service for pods and services in the cluster. - This supports the DNS-based service discovery specification: https://github.com/kubernetes/dns/blob/master/docs/specification.md - More details: https://kubernetes.io/docs/tasks/administer-cluster/coredns - Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +DNS manages the CoreDNS component to provide a name resolution service +for pods and services in the cluster. + +This supports the DNS-based service discovery specification: +https://github.com/kubernetes/dns/blob/master/docs/specification.md + +More details: https://kubernetes.io/docs/tasks/administer-cluster/coredns + +Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). -- Type:: diff --git a/rest_api/operatorhub_apis/catalogsource-operators-coreos-com-v1alpha1.adoc b/rest_api/operatorhub_apis/catalogsource-operators-coreos-com-v1alpha1.adoc index 179d5d53c8..c4953cc161 100644 --- a/rest_api/operatorhub_apis/catalogsource-operators-coreos-com-v1alpha1.adoc +++ b/rest_api/operatorhub_apis/catalogsource-operators-coreos-com-v1alpha1.adoc 
@@ -1305,8 +1305,8 @@ a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), -compute a sum by iterating through the elements of this field and adding -"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the +compute a sum by iterating through the elements of this field and subtracting +"weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. | `preferredDuringSchedulingIgnoredDuringExecution[]` @@ -1343,8 +1343,8 @@ a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), -compute a sum by iterating through the elements of this field and adding -"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the +compute a sum by iterating through the elements of this field and subtracting +"weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. -- diff --git a/rest_api/operatorhub_apis/clustercatalog-olm-operatorframework-io-v1.adoc b/rest_api/operatorhub_apis/clustercatalog-olm-operatorframework-io-v1.adoc index d2cfb6e7c0..eaf1cab211 100644 --- a/rest_api/operatorhub_apis/clustercatalog-olm-operatorframework-io-v1.adoc +++ b/rest_api/operatorhub_apis/clustercatalog-olm-operatorframework-io-v1.adoc 
@@ -229,7 +229,7 @@ The port must be the last value in the domain. Some examples of valid domain values are "registry.mydomain.io", "quay.io", "my-registry.io:8080". The name is typically the repository in the registry where an image is located. -It must contain lowercase alphanumeric characters separated only by the ".", "\_", "\__", "-" characters. +It must contain lowercase alphanumeric characters separated only by the ".", "_", "__", "-" characters. Multiple names can be concatenated with the "/" character. The domain and name are combined using the "/" character. Some examples of valid name values are "operatorhubio/catalog", "catalog", "my-catalog.prod". @@ -243,11 +243,11 @@ An identifier is required in the reference. Digest-based references must contain an algorithm reference immediately after the "@" separator. The algorithm reference must be followed by the ":" character and an encoded string. -The algorithm must start with an uppercase or lowercase alpha character followed by alphanumeric characters and may contain the "-", "\_", "+", and "." characters. +The algorithm must start with an uppercase or lowercase alpha character followed by alphanumeric characters and may contain the "-", "_", "+", and "." characters. Some examples of valid algorithm values are "sha256", "sha256+b64u", "multihash+base58". The encoded string following the algorithm must be hex digits (a-f, A-F, 0-9) and must be a minimum of 32 characters. -Tag-based references must begin with a word character (alphanumeric + "\_") followed by word characters or ".", and "-" characters. +Tag-based references must begin with a word character (alphanumeric + "_") followed by word characters or ".", and "-" characters. The tag must not be longer than 127 characters. An example of a valid digest-based image reference is "quay.io/operatorhubio/catalog@sha256:200d4ddb2a73594b91358fe6397424e975205bfbe44614f5846033cad64b3f05" 
@@ -587,7 +587,7 @@ Description:: | Parameter | Type | Description | `body` | xref:../operatorhub_apis/clustercatalog-olm-operatorframework-io-v1.adoc#clustercatalog-olm-operatorframework-io-v1[`ClusterCatalog`] schema -| +| |=== .HTTP responses @@ -720,7 +720,7 @@ Description:: | Parameter | Type | Description | `body` | xref:../operatorhub_apis/clustercatalog-olm-operatorframework-io-v1.adoc#clustercatalog-olm-operatorframework-io-v1[`ClusterCatalog`] schema -| +| |=== .HTTP responses @@ -822,7 +822,7 @@ Description:: | Parameter | Type | Description | `body` | xref:../operatorhub_apis/clustercatalog-olm-operatorframework-io-v1.adoc#clustercatalog-olm-operatorframework-io-v1[`ClusterCatalog`] schema -| +| |=== .HTTP responses diff --git a/rest_api/operatorhub_apis/clusterextension-olm-operatorframework-io-v1.adoc b/rest_api/operatorhub_apis/clusterextension-olm-operatorframework-io-v1.adoc index 1e25dc470a..c4bd54d5a2 100644 --- a/rest_api/operatorhub_apis/clusterextension-olm-operatorframework-io-v1.adoc +++ b/rest_api/operatorhub_apis/clusterextension-olm-operatorframework-io-v1.adoc @@ -67,6 +67,16 @@ Required:: |=== | Property | Type | Description +| `config` +| `object` +| config is an optional field used to specify bundle specific configuration +used to configure the bundle. Configuration is bundle specific and a bundle may provide +a configuration schema. When not specified, the default configuration of the resolved bundle will be used. + +config is validated against a configuration schema provided by the resolved bundle. If the bundle does not provide +a configuration schema the final manifests will be derived on a best-effort basis. More information on how +to configure the bundle should be found in its end-user documentation. + | `install` | `object` | install is an optional field used to configure the installation options 
@@ -110,6 +120,50 @@ source: catalog: packageName: example-package +|=== +=== .spec.config +Description:: ++ +-- +config is an optional field used to specify bundle specific configuration +used to configure the bundle. Configuration is bundle specific and a bundle may provide +a configuration schema. When not specified, the default configuration of the resolved bundle will be used. + +config is validated against a configuration schema provided by the resolved bundle. If the bundle does not provide +a configuration schema the final manifests will be derived on a best-effort basis. More information on how +to configure the bundle should be found in its end-user documentation. +-- + +Type:: + `object` + +Required:: + - `configType` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `configType` +| `string` +| configType is a required reference to the type of configuration source. + +Allowed values are "Inline" + +When this field is set to "Inline", the cluster extension configuration is defined inline within the +ClusterExtension resource. + +| `inline` +| `` +| inline contains JSON or YAML values specified directly in the +ClusterExtension. + +inline must be set if configType is 'Inline'. +inline accepts arbitrary JSON/YAML objects. +inline is validation at runtime against the schema provided by the bundle if a schema is provided. + |=== === .spec.install Description:: diff --git a/rest_api/operatorhub_apis/clusterextensionrevision-olm-operatorframework-io-v1.adoc b/rest_api/operatorhub_apis/clusterextensionrevision-olm-operatorframework-io-v1.adoc new file mode 100644 index 0000000000..b93def1d07 --- /dev/null +++ b/rest_api/operatorhub_apis/clusterextensionrevision-olm-operatorframework-io-v1.adoc 
@@ -0,0 +1,663 @@ +// Automatically generated by 'openshift-apidocs-gen'. Do not edit. +:_mod-docs-content-type: ASSEMBLY +[id="clusterextensionrevision-olm-operatorframework-io-v1"] += ClusterExtensionRevision [olm.operatorframework.io/v1] +:toc: macro +:toc-title: + +toc::[] + + +Description:: ++ +-- +ClusterExtensionRevision is the Schema for the clusterextensionrevisions API +-- + +Type:: + `object` + + + +== Specification + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + +| `kind` +| `string` +| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `metadata` +| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-ObjectMeta[`ObjectMeta`] +| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + +| `spec` +| `object` +| spec is an optional field that defines the desired state of the ClusterExtension. + +| `status` +| `object` +| status is an optional field that defines the observed state of the ClusterExtension. + +|=== +=== .spec +Description:: ++ +-- +spec is an optional field that defines the desired state of the ClusterExtension. +-- + +Type:: + `object` + +Required:: + - `revision` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `lifecycleState` +| `string` +| Specifies the lifecycle state of the ClusterExtensionRevision. 
+ +| `phases` +| `array` +| Phases are groups of objects that will be applied at the same time. +All objects in the phase will have to pass their probes in order to progress to the next phase. + +| `phases[]` +| `object` +| ClusterExtensionRevisionPhase are groups of objects that will be applied at the same time. +All objects in the a phase will have to pass their probes in order to progress to the next phase. + +| `previous` +| `array` +| Previous references previous revisions that objects can be adopted from. + +| `previous[]` +| `object` +| + +| `revision` +| `integer` +| Revision is a sequence number representing a specific revision of the ClusterExtension instance. +Must be positive. Each ClusterExtensionRevision of the same parent ClusterExtension needs to have +a unique value assigned. It is immutable after creation. The new revision number must always be previous revision +1. + +|=== +=== .spec.phases +Description:: ++ +-- +Phases are groups of objects that will be applied at the same time. +All objects in the phase will have to pass their probes in order to progress to the next phase. +-- + +Type:: + `array` + + + + +=== .spec.phases[] +Description:: ++ +-- +ClusterExtensionRevisionPhase are groups of objects that will be applied at the same time. +All objects in the a phase will have to pass their probes in order to progress to the next phase. +-- + +Type:: + `object` + +Required:: + - `name` + - `objects` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name identifies this phase. + +| `objects` +| `array` +| Objects are a list of all the objects within this phase. + +| `objects[]` +| `object` +| ClusterExtensionRevisionObject contains an object and settings for it. + +|=== +=== .spec.phases[].objects +Description:: ++ +-- +Objects are a list of all the objects within this phase. 
+-- + +Type:: + `array` + + + + +=== .spec.phases[].objects[] +Description:: ++ +-- +ClusterExtensionRevisionObject contains an object and settings for it. +-- + +Type:: + `object` + +Required:: + - `object` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `collisionProtection` +| `string` +| CollisionProtection controls whether OLM can adopt and modify objects +already existing on the cluster or even owned by another controller. + +| `object` +| `` +| + +|=== +=== .spec.previous +Description:: ++ +-- +Previous references previous revisions that objects can be adopted from. +-- + +Type:: + `array` + + + + +=== .spec.previous[] +Description:: ++ +-- + +-- + +Type:: + `object` + +Required:: + - `name` + - `uid` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| + +| `uid` +| `string` +| UID is a type that holds unique ID values, including UUIDs. Because we +don't ONLY use UUIDs, this is an alias to string. Being a type captures +intent and helps make sure that UIDs and names do not get conflated. + +|=== +=== .status +Description:: ++ +-- +status is an optional field that defines the observed state of the ClusterExtension. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `conditions` +| `array` +| + +| `conditions[]` +| `object` +| Condition contains details for one aspect of the current state of this API Resource. + +|=== +=== .status.conditions +Description:: ++ +-- + +-- + +Type:: + `array` + + + + +=== .status.conditions[] +Description:: ++ +-- +Condition contains details for one aspect of the current state of this API Resource. 
+-- + +Type:: + `object` + +Required:: + - `lastTransitionTime` + - `message` + - `reason` + - `status` + - `type` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `lastTransitionTime` +| `string` +| lastTransitionTime is the last time the condition transitioned from one status to another. +This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + +| `message` +| `string` +| message is a human readable message indicating details about the transition. +This may be an empty string. + +| `observedGeneration` +| `integer` +| observedGeneration represents the .metadata.generation that the condition was set based upon. +For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date +with respect to the current state of the instance. + +| `reason` +| `string` +| reason contains a programmatic identifier indicating the reason for the condition's last transition. +Producers of specific condition types may define expected values and meanings for this field, +and whether the values are considered a guaranteed API. +The value should be a CamelCase string. +This field may not be empty. + +| `status` +| `string` +| status of the condition, one of True, False, Unknown. + +| `type` +| `string` +| type of condition in CamelCase or in foo.example.com/CamelCase. 
+ +|=== + +== API endpoints + +The following API endpoints are available: + +* `/apis/olm.operatorframework.io/v1/clusterextensionrevisions` +- `DELETE`: delete collection of ClusterExtensionRevision +- `GET`: list objects of kind ClusterExtensionRevision +- `POST`: create a ClusterExtensionRevision +* `/apis/olm.operatorframework.io/v1/clusterextensionrevisions/{name}` +- `DELETE`: delete a ClusterExtensionRevision +- `GET`: read the specified ClusterExtensionRevision +- `PATCH`: partially update the specified ClusterExtensionRevision +- `PUT`: replace the specified ClusterExtensionRevision +* `/apis/olm.operatorframework.io/v1/clusterextensionrevisions/{name}/status` +- `GET`: read status of the specified ClusterExtensionRevision +- `PATCH`: partially update status of the specified ClusterExtensionRevision +- `PUT`: replace status of the specified ClusterExtensionRevision + + +=== /apis/olm.operatorframework.io/v1/clusterextensionrevisions + + + +HTTP method:: + `DELETE` + +Description:: + delete collection of ClusterExtensionRevision + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + list objects of kind ClusterExtensionRevision + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io-operatorframework-olm-v1-ClusterExtensionRevisionList[`ClusterExtensionRevisionList`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `POST` + +Description:: + create a ClusterExtensionRevision + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. 
An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. 
+|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../operatorhub_apis/clusterextensionrevision-olm-operatorframework-io-v1.adoc#clusterextensionrevision-olm-operatorframework-io-v1[`ClusterExtensionRevision`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../operatorhub_apis/clusterextensionrevision-olm-operatorframework-io-v1.adoc#clusterextensionrevision-olm-operatorframework-io-v1[`ClusterExtensionRevision`] schema +| 201 - Created +| xref:../operatorhub_apis/clusterextensionrevision-olm-operatorframework-io-v1.adoc#clusterextensionrevision-olm-operatorframework-io-v1[`ClusterExtensionRevision`] schema +| 202 - Accepted +| xref:../operatorhub_apis/clusterextensionrevision-olm-operatorframework-io-v1.adoc#clusterextensionrevision-olm-operatorframework-io-v1[`ClusterExtensionRevision`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/olm.operatorframework.io/v1/clusterextensionrevisions/{name} + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the ClusterExtensionRevision +|=== + + +HTTP method:: + `DELETE` + +Description:: + delete a ClusterExtensionRevision + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. 
Valid values are: - All: all dry run stages will be processed +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status[`Status`] schema +| 202 - Accepted +| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + read the specified ClusterExtensionRevision + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../operatorhub_apis/clusterextensionrevision-olm-operatorframework-io-v1.adoc#clusterextensionrevision-olm-operatorframework-io-v1[`ClusterExtensionRevision`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update the specified ClusterExtensionRevision + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. 
This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../operatorhub_apis/clusterextensionrevision-olm-operatorframework-io-v1.adoc#clusterextensionrevision-olm-operatorframework-io-v1[`ClusterExtensionRevision`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace the specified ClusterExtensionRevision + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. 
The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../operatorhub_apis/clusterextensionrevision-olm-operatorframework-io-v1.adoc#clusterextensionrevision-olm-operatorframework-io-v1[`ClusterExtensionRevision`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../operatorhub_apis/clusterextensionrevision-olm-operatorframework-io-v1.adoc#clusterextensionrevision-olm-operatorframework-io-v1[`ClusterExtensionRevision`] schema +| 201 - Created +| xref:../operatorhub_apis/clusterextensionrevision-olm-operatorframework-io-v1.adoc#clusterextensionrevision-olm-operatorframework-io-v1[`ClusterExtensionRevision`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/olm.operatorframework.io/v1/clusterextensionrevisions/{name}/status + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the ClusterExtensionRevision +|=== + + +HTTP method:: + `GET` + +Description:: + read status of the specified ClusterExtensionRevision + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../operatorhub_apis/clusterextensionrevision-olm-operatorframework-io-v1.adoc#clusterextensionrevision-olm-operatorframework-io-v1[`ClusterExtensionRevision`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update status of the specified ClusterExtensionRevision + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. 
Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../operatorhub_apis/clusterextensionrevision-olm-operatorframework-io-v1.adoc#clusterextensionrevision-olm-operatorframework-io-v1[`ClusterExtensionRevision`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace status of the specified ClusterExtensionRevision + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. 
Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../operatorhub_apis/clusterextensionrevision-olm-operatorframework-io-v1.adoc#clusterextensionrevision-olm-operatorframework-io-v1[`ClusterExtensionRevision`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../operatorhub_apis/clusterextensionrevision-olm-operatorframework-io-v1.adoc#clusterextensionrevision-olm-operatorframework-io-v1[`ClusterExtensionRevision`] schema +| 201 - Created +| xref:../operatorhub_apis/clusterextensionrevision-olm-operatorframework-io-v1.adoc#clusterextensionrevision-olm-operatorframework-io-v1[`ClusterExtensionRevision`] schema +| 401 - Unauthorized +| Empty +|=== + + diff --git a/rest_api/operatorhub_apis/clusterserviceversion-operators-coreos-com-v1alpha1.adoc b/rest_api/operatorhub_apis/clusterserviceversion-operators-coreos-com-v1alpha1.adoc index 31ff29acd2..1abea0f39a 100644 --- a/rest_api/operatorhub_apis/clusterserviceversion-operators-coreos-com-v1alpha1.adoc +++ b/rest_api/operatorhub_apis/clusterserviceversion-operators-coreos-com-v1alpha1.adoc 
@@ -2146,7 +2146,9 @@ Optional: Default to false. | `hostNetwork` | `boolean` | Host networking requested for this pod. Use the host's network namespace. -If this option is set, the ports that will be used must be specified. +When using HostNetwork you should specify ports so the scheduler is aware. +When `hostNetwork` is true, specified `hostPort` fields in port definitions must match `containerPort`, +and unspecified `hostPort` fields in port definitions are defaulted to match `containerPort`. Default to false. | `hostPID` @@ -2171,6 +2173,19 @@ This field is alpha-level and is only honored by servers that enable the UserNam | Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value. +| `hostnameOverride` +| `string` +| HostnameOverride specifies an explicit override for the pod's hostname as perceived by the pod. +This field only specifies the pod's hostname and does not affect its DNS records. +When this field is set to a non-empty string: +- It takes precedence over the values set in `hostname` and `subdomain`. +- The Pod's hostname will be set to this value. +- `setHostnameAsFQDN` must be nil or set to false. +- `hostNetwork` must be set to false. + +This field must be a valid DNS subdomain as defined in RFC 1123 and contain at most 64 characters. +Requires the HostnameOverride feature gate to be enabled. + | `imagePullSecrets` | `array` | ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. @@ -2228,6 +2243,7 @@ If the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers +- spec.resources - spec.securityContext.appArmorProfile - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile 
@@ -2319,7 +2335,7 @@ Containers that need access to the ResourceClaim reference it with this name. | `object` | Resources is the total amount of CPU and Memory resources required by all containers in the pod. It supports specifying Requests and Limits for -"cpu" and "memory" resource names only. ResourceClaims are not supported. +"cpu", "memory" and "hugepages-" resource names only. ResourceClaims are not supported. This field enables fine-grained control over resource allocation for the entire pod, allowing resource sharing among containers in a pod. @@ -3527,8 +3543,8 @@ a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), -compute a sum by iterating through the elements of this field and adding -"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the +compute a sum by iterating through the elements of this field and subtracting +"weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. | `preferredDuringSchedulingIgnoredDuringExecution[]` 
@@ -3565,8 +3581,8 @@ a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), -compute a sum by iterating through the elements of this field and adding -"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the +compute a sum by iterating through the elements of this field and subtracting +"weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. -- @@ -4185,8 +4201,8 @@ Cannot be updated. | `envFrom` | `array` | List of sources to populate environment variables in the container. -The keys defined within a source must be a C_IDENTIFIER. All invalid keys -will be reported as an event when the container is starting. When a key exists in multiple +The keys defined within a source may consist of any printable ASCII characters except '='. +When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. 
@@ -4266,10 +4282,10 @@ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-co | `restartPolicy` | `string` | RestartPolicy defines the restart behavior of individual containers in a pod. -This field may only be set for init containers, and the only allowed value is "Always". -For non-init containers or when this field is not specified, +This overrides the pod-level restart policy. When this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. -Setting the RestartPolicy as "Always" for the init container will have the following effect: +Additionally, setting the RestartPolicy as "Always" for the init container will +have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" @@ -4281,6 +4297,24 @@ container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed. +| `restartPolicyRules` +| `array` +| Represents a list of rules to be checked to determine if the +container should be restarted on exit. The rules are evaluated in +order. Once a rule matches a container exit condition, the remaining +rules are ignored. If no rule matches the container exit condition, +the Container-level restart policy determines the whether the container +is restarted or not. Constraints on the rules: +- At most 20 rules are allowed. +- Rules can have the same action. +- Identical rules are not forbidden in validations. +When rules are specified, container MUST set RestartPolicy explicitly +even it if matches the Pod's RestartPolicy. + +| `restartPolicyRules[]` +| `object` +| ContainerRestartRule describes how a container exit is handled. + | `securityContext` | `object` | SecurityContext defines the security options the container should be run with. 
@@ -4398,7 +4432,8 @@ Required:: | `name` | `string` -| Name of the environment variable. Must be a C_IDENTIFIER. +| Name of the environment variable. +May consist of any printable ASCII characters except '='. | `value` | `string` @@ -4443,6 +4478,11 @@ Type:: | Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +| `fileKeyRef` +| `object` +| FileKeyRef selects a key of the env file. +Requires the EnvFiles feature gate to be enabled. + | `resourceFieldRef` | `object` | Selects a resource of the container: only resources limits and requests 
@@ -4517,6 +4557,54 @@ Required:: | `string` | Path of the field to select in the specified API version. +|=== +=== .spec.install.spec.deployments[].spec.template.spec.containers[].env[].valueFrom.fileKeyRef +Description:: ++ +-- +FileKeyRef selects a key of the env file. +Requires the EnvFiles feature gate to be enabled. +-- + +Type:: + `object` + +Required:: + - `key` + - `path` + - `volumeName` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `key` +| `string` +| The key within the env file. An invalid key will prevent the pod from starting. +The keys defined within a source may consist of any printable ASCII characters except '='. +During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + +| `optional` +| `boolean` +| Specify whether the file or its key must be defined. If the file or key +does not exist, then the env var is not published. +If optional is set to true and the specified key does not exist, +the environment variable will not be set in the Pod's containers. + +If optional is set to false and the specified key does not exist, +an error will be returned during Pod creation. + +| `path` +| `string` +| The path within the volume from which to select the file. +Must be relative and may not contain the '..' path or start with '..'. + +| `volumeName` +| `string` +| The name of the volume mount containing the env file. + |=== === .spec.install.spec.deployments[].spec.template.spec.containers[].env[].valueFrom.resourceFieldRef Description:: 
@@ -4592,8 +4680,8 @@ Description:: + -- List of sources to populate environment variables in the container. -The keys defined within a source must be a C_IDENTIFIER. All invalid keys -will be reported as an event when the container is starting. When a key exists in multiple +The keys defined within a source may consist of any printable ASCII characters except '='. +When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. @@ -4628,7 +4716,8 @@ Type:: | `prefix` | `string` -| Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER. +| Optional text to prepend to the name of each environment variable. +May consist of any printable ASCII characters except '='. | `secretRef` | `object` @@ -5810,7 +5899,7 @@ Type:: | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -5839,7 +5928,7 @@ Description:: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. 
@@ -5882,6 +5971,93 @@ inside a container. If empty, everything from the claim is made available, otherwise only the result of this request. +|=== +=== .spec.install.spec.deployments[].spec.template.spec.containers[].restartPolicyRules +Description:: ++ +-- +Represents a list of rules to be checked to determine if the +container should be restarted on exit. The rules are evaluated in +order. Once a rule matches a container exit condition, the remaining +rules are ignored. If no rule matches the container exit condition, +the Container-level restart policy determines the whether the container +is restarted or not. Constraints on the rules: +- At most 20 rules are allowed. +- Rules can have the same action. +- Identical rules are not forbidden in validations. +When rules are specified, container MUST set RestartPolicy explicitly +even it if matches the Pod's RestartPolicy. +-- + +Type:: + `array` + + + + +=== .spec.install.spec.deployments[].spec.template.spec.containers[].restartPolicyRules[] +Description:: ++ +-- +ContainerRestartRule describes how a container exit is handled. +-- + +Type:: + `object` + +Required:: + - `action` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `action` +| `string` +| Specifies the action taken on a container exit if the requirements +are satisfied. The only possible value is "Restart" to restart the +container. + +| `exitCodes` +| `object` +| Represents the exit codes to check on container exits. + +|=== +=== .spec.install.spec.deployments[].spec.template.spec.containers[].restartPolicyRules[].exitCodes +Description:: ++ +-- +Represents the exit codes to check on container exits. +-- + +Type:: + `object` + +Required:: + - `operator` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `operator` +| `string` +| Represents the relationship between the container exit code(s) and the +specified values. 
Possible values are: +- In: the requirement is satisfied if the container exit code is in the + set of specified values. +- NotIn: the requirement is satisfied if the container exit code is + not in the set of specified values. + +| `values` +| `array (integer)` +| Specifies the set of values to check for container exit codes. +At most 255 elements are allowed. + |=== === .spec.install.spec.deployments[].spec.template.spec.containers[].securityContext Description:: @@ -6730,8 +6906,8 @@ Cannot be updated. | `envFrom` | `array` | List of sources to populate environment variables in the container. -The keys defined within a source must be a C_IDENTIFIER. All invalid keys -will be reported as an event when the container is starting. When a key exists in multiple +The keys defined within a source may consist of any printable ASCII characters except '='. +When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. @@ -6795,9 +6971,18 @@ already allocated to the pod. | `string` | Restart policy for the container to manage the restart behavior of each container within a pod. -This may only be set for init containers. You cannot set this field on +You cannot set this field on ephemeral containers. + +| `restartPolicyRules` +| `array` +| Represents a list of rules to be checked to determine if the +container should be restarted on exit. You cannot set this field on ephemeral containers. +| `restartPolicyRules[]` +| `object` +| ContainerRestartRule describes how a container exit is handled. + | `securityContext` | `object` | Optional: SecurityContext defines the security options the ephemeral container should be run with. 
@@ -6917,7 +7102,8 @@ Required:: | `name` | `string` -| Name of the environment variable. Must be a C_IDENTIFIER. +| Name of the environment variable. +May consist of any printable ASCII characters except '='. | `value` | `string` @@ -6962,6 +7148,11 @@ Type:: | Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +| `fileKeyRef` +| `object` +| FileKeyRef selects a key of the env file. +Requires the EnvFiles feature gate to be enabled. + | `resourceFieldRef` | `object` | Selects a resource of the container: only resources limits and requests 
@@ -7036,6 +7227,54 @@ Required:: | `string` | Path of the field to select in the specified API version. +|=== +=== .spec.install.spec.deployments[].spec.template.spec.ephemeralContainers[].env[].valueFrom.fileKeyRef +Description:: ++ +-- +FileKeyRef selects a key of the env file. +Requires the EnvFiles feature gate to be enabled. +-- + +Type:: + `object` + +Required:: + - `key` + - `path` + - `volumeName` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `key` +| `string` +| The key within the env file. An invalid key will prevent the pod from starting. +The keys defined within a source may consist of any printable ASCII characters except '='. +During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + +| `optional` +| `boolean` +| Specify whether the file or its key must be defined. If the file or key +does not exist, then the env var is not published. +If optional is set to true and the specified key does not exist, +the environment variable will not be set in the Pod's containers. + +If optional is set to false and the specified key does not exist, +an error will be returned during Pod creation. + +| `path` +| `string` +| The path within the volume from which to select the file. +Must be relative and may not contain the '..' path or start with '..'. + +| `volumeName` +| `string` +| The name of the volume mount containing the env file. + |=== === .spec.install.spec.deployments[].spec.template.spec.ephemeralContainers[].env[].valueFrom.resourceFieldRef Description:: 
@@ -7111,8 +7350,8 @@ Description:: + -- List of sources to populate environment variables in the container. -The keys defined within a source must be a C_IDENTIFIER. All invalid keys -will be reported as an event when the container is starting. When a key exists in multiple +The keys defined within a source may consist of any printable ASCII characters except '='. +When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. @@ -7147,7 +7386,8 @@ Type:: | `prefix` | `string` -| Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER. +| Optional text to prepend to the name of each environment variable. +May consist of any printable ASCII characters except '='. | `secretRef` | `object` @@ -8315,7 +8555,7 @@ Type:: | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -8344,7 +8584,7 @@ Description:: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. 
@@ -8387,6 +8627,85 @@ inside a container. If empty, everything from the claim is made available, otherwise only the result of this request. +|=== +=== .spec.install.spec.deployments[].spec.template.spec.ephemeralContainers[].restartPolicyRules +Description:: ++ +-- +Represents a list of rules to be checked to determine if the +container should be restarted on exit. You cannot set this field on +ephemeral containers. +-- + +Type:: + `array` + + + + +=== .spec.install.spec.deployments[].spec.template.spec.ephemeralContainers[].restartPolicyRules[] +Description:: ++ +-- +ContainerRestartRule describes how a container exit is handled. +-- + +Type:: + `object` + +Required:: + - `action` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `action` +| `string` +| Specifies the action taken on a container exit if the requirements +are satisfied. The only possible value is "Restart" to restart the +container. + +| `exitCodes` +| `object` +| Represents the exit codes to check on container exits. + +|=== +=== .spec.install.spec.deployments[].spec.template.spec.ephemeralContainers[].restartPolicyRules[].exitCodes +Description:: ++ +-- +Represents the exit codes to check on container exits. +-- + +Type:: + `object` + +Required:: + - `operator` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `operator` +| `string` +| Represents the relationship between the container exit code(s) and the +specified values. Possible values are: +- In: the requirement is satisfied if the container exit code is in the + set of specified values. +- NotIn: the requirement is satisfied if the container exit code is + not in the set of specified values. + +| `values` +| `array (integer)` +| Specifies the set of values to check for container exit codes. +At most 255 elements are allowed. + |=== === .spec.install.spec.deployments[].spec.template.spec.ephemeralContainers[].securityContext Description:: 
@@ -9229,8 +9548,8 @@ Cannot be updated. | `envFrom` | `array` | List of sources to populate environment variables in the container. -The keys defined within a source must be a C_IDENTIFIER. All invalid keys -will be reported as an event when the container is starting. When a key exists in multiple +The keys defined within a source may consist of any printable ASCII characters except '='. +When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. @@ -9310,10 +9629,10 @@ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-co | `restartPolicy` | `string` | RestartPolicy defines the restart behavior of individual containers in a pod. -This field may only be set for init containers, and the only allowed value is "Always". -For non-init containers or when this field is not specified, +This overrides the pod-level restart policy. When this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. -Setting the RestartPolicy as "Always" for the init container will have the following effect: +Additionally, setting the RestartPolicy as "Always" for the init container will +have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" 
@@ -9325,6 +9644,24 @@ container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed. +| `restartPolicyRules` +| `array` +| Represents a list of rules to be checked to determine if the +container should be restarted on exit. The rules are evaluated in +order. Once a rule matches a container exit condition, the remaining +rules are ignored. If no rule matches the container exit condition, +the Container-level restart policy determines the whether the container +is restarted or not. Constraints on the rules: +- At most 20 rules are allowed. +- Rules can have the same action. +- Identical rules are not forbidden in validations. +When rules are specified, container MUST set RestartPolicy explicitly +even it if matches the Pod's RestartPolicy. + +| `restartPolicyRules[]` +| `object` +| ContainerRestartRule describes how a container exit is handled. + | `securityContext` | `object` | SecurityContext defines the security options the container should be run with. @@ -9442,7 +9779,8 @@ Required:: | `name` | `string` -| Name of the environment variable. Must be a C_IDENTIFIER. +| Name of the environment variable. +May consist of any printable ASCII characters except '='. | `value` | `string` @@ -9487,6 +9825,11 @@ Type:: | Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +| `fileKeyRef` +| `object` +| FileKeyRef selects a key of the env file. +Requires the EnvFiles feature gate to be enabled. + | `resourceFieldRef` | `object` | Selects a resource of the container: only resources limits and requests 
@@ -9561,6 +9904,54 @@ Required:: | `string` | Path of the field to select in the specified API version. +|=== +=== .spec.install.spec.deployments[].spec.template.spec.initContainers[].env[].valueFrom.fileKeyRef +Description:: ++ +-- +FileKeyRef selects a key of the env file. +Requires the EnvFiles feature gate to be enabled. +-- + +Type:: + `object` + +Required:: + - `key` + - `path` + - `volumeName` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `key` +| `string` +| The key within the env file. An invalid key will prevent the pod from starting. +The keys defined within a source may consist of any printable ASCII characters except '='. +During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + +| `optional` +| `boolean` +| Specify whether the file or its key must be defined. If the file or key +does not exist, then the env var is not published. +If optional is set to true and the specified key does not exist, +the environment variable will not be set in the Pod's containers. + +If optional is set to false and the specified key does not exist, +an error will be returned during Pod creation. + +| `path` +| `string` +| The path within the volume from which to select the file. +Must be relative and may not contain the '..' path or start with '..'. + +| `volumeName` +| `string` +| The name of the volume mount containing the env file. + |=== === .spec.install.spec.deployments[].spec.template.spec.initContainers[].env[].valueFrom.resourceFieldRef Description:: 
@@ -9636,8 +10027,8 @@ Description:: + -- List of sources to populate environment variables in the container. -The keys defined within a source must be a C_IDENTIFIER. All invalid keys -will be reported as an event when the container is starting. When a key exists in multiple +The keys defined within a source may consist of any printable ASCII characters except '='. +When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. @@ -9672,7 +10063,8 @@ Type:: | `prefix` | `string` -| Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER. +| Optional text to prepend to the name of each environment variable. +May consist of any printable ASCII characters except '='. | `secretRef` | `object` @@ -10854,7 +11246,7 @@ Type:: | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -10883,7 +11275,7 @@ Description:: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. 
@@ -10926,6 +11318,93 @@ inside a container. If empty, everything from the claim is made available, otherwise only the result of this request. +|=== +=== .spec.install.spec.deployments[].spec.template.spec.initContainers[].restartPolicyRules +Description:: ++ +-- +Represents a list of rules to be checked to determine if the +container should be restarted on exit. The rules are evaluated in +order. Once a rule matches a container exit condition, the remaining +rules are ignored. If no rule matches the container exit condition, +the Container-level restart policy determines the whether the container +is restarted or not. Constraints on the rules: +- At most 20 rules are allowed. +- Rules can have the same action. +- Identical rules are not forbidden in validations. +When rules are specified, container MUST set RestartPolicy explicitly +even it if matches the Pod's RestartPolicy. +-- + +Type:: + `array` + + + + +=== .spec.install.spec.deployments[].spec.template.spec.initContainers[].restartPolicyRules[] +Description:: ++ +-- +ContainerRestartRule describes how a container exit is handled. +-- + +Type:: + `object` + +Required:: + - `action` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `action` +| `string` +| Specifies the action taken on a container exit if the requirements +are satisfied. The only possible value is "Restart" to restart the +container. + +| `exitCodes` +| `object` +| Represents the exit codes to check on container exits. + +|=== +=== .spec.install.spec.deployments[].spec.template.spec.initContainers[].restartPolicyRules[].exitCodes +Description:: ++ +-- +Represents the exit codes to check on container exits. +-- + +Type:: + `object` + +Required:: + - `operator` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `operator` +| `string` +| Represents the relationship between the container exit code(s) and the +specified values. 
Possible values are: +- In: the requirement is satisfied if the container exit code is in the + set of specified values. +- NotIn: the requirement is satisfied if the container exit code is + not in the set of specified values. + +| `values` +| `array (integer)` +| Specifies the set of values to check for container exit codes. +At most 255 elements are allowed. + |=== === .spec.install.spec.deployments[].spec.template.spec.initContainers[].securityContext Description:: @@ -11626,6 +12105,7 @@ If the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers +- spec.resources - spec.securityContext.appArmorProfile - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile @@ -11792,7 +12272,7 @@ Description:: -- Resources is the total amount of CPU and Memory resources required by all containers in the pod. It supports specifying Requests and Limits for -"cpu" and "memory" resource names only. ResourceClaims are not supported. +"cpu", "memory" and "hugepages-" resource names only. ResourceClaims are not supported. This field enables fine-grained control over resource allocation for the entire pod, allowing resource sharing among containers in a pod. @@ -11816,7 +12296,7 @@ Type:: | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -11845,7 +12325,7 @@ Description:: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. 
@@ -12724,7 +13204,6 @@ into the Pod's container. | `object` | glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. -More info: https://examples.k8s.io/volumes/glusterfs/README.md | `hostPath` | `object` @@ -12755,7 +13234,7 @@ The field spec.securityContext.fsGroupChangePolicy has no effect on this volume | `object` | iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. -More info: https://examples.k8s.io/volumes/iscsi/README.md +More info: https://kubernetes.io/docs/concepts/storage/volumes/#iscsi | `name` | `string` @@ -12799,7 +13278,6 @@ Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supp | `object` | rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. -More info: https://examples.k8s.io/volumes/rbd/README.md | `scaleIO` | `object` 
@@ -13706,15 +14184,13 @@ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class- | volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, -it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass -will be applied to the claim but it's not allowed to reset this field to empty string once it is set. -If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass -will be set by the persistentvolume controller if it exists. +it can be changed after the claim is created. An empty string or nil value indicates that no +VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, +this field can be reset to its previous value (including nil) to cancel the modification. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ -(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). | `volumeMode` | `string` @@ -14192,7 +14668,6 @@ Description:: -- glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. -More info: https://examples.k8s.io/volumes/glusterfs/README.md -- Type:: @@ -14211,7 +14686,6 @@ Required:: | `endpoints` | `string` | endpoints is the endpoint name that details Glusterfs topology. -More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod | `path` | `string` 
@@ -14315,7 +14789,7 @@ Description:: -- iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. -More info: https://examples.k8s.io/volumes/iscsi/README.md +More info: https://kubernetes.io/docs/concepts/storage/volumes/#iscsi -- Type:: 
@@ -14644,6 +15118,43 @@ may change the order over time. | `object` | downwardAPI information about the downwardAPI data to project +| `podCertificate` +| `object` +| Projects an auto-rotating credential bundle (private key and certificate +chain) that the pod can use either as a TLS client or server. + +Kubelet generates a private key and uses it to send a +PodCertificateRequest to the named signer. Once the signer approves the +request and issues a certificate chain, Kubelet writes the key and +certificate chain to the pod filesystem. The pod does not start until +certificates have been issued for each podCertificate projected volume +source in its spec. + +Kubelet will begin trying to rotate the certificate at the time indicated +by the signer using the PodCertificateRequest.Status.BeginRefreshAt +timestamp. + +Kubelet can write a single file, indicated by the credentialBundlePath +field, or separate files, indicated by the keyPath and +certificateChainPath fields. + +The credential bundle is a single file in PEM format. The first PEM +entry is the private key (in PKCS#8 format), and the remaining PEM +entries are the certificate chain issued by the signer (typically, +signers will return their certificate chain in leaf-to-root order). + +Prefer using the credential bundle format, since your application code +can read it atomically. If you use keyPath and certificateChainPath, +your application must make two separate file reads. If these coincide +with a certificate rotation, it is possible that the private key and leaf +certificate you read may not correspond to each other. Your application +will need to check for this condition, and re-read until they are +consistent. + +The named signer controls chooses the format of the certificate it +issues; consult the signer implementation's documentation to learn how to +use the certificates it issues. + | `secret` | `object` | secret information about the secret data to project 
@@ -15047,6 +15558,123 @@ Required:: | `string` | Required: resource to select +|=== +=== .spec.install.spec.deployments[].spec.template.spec.volumes[].projected.sources[].podCertificate +Description:: ++ +-- +Projects an auto-rotating credential bundle (private key and certificate +chain) that the pod can use either as a TLS client or server. + +Kubelet generates a private key and uses it to send a +PodCertificateRequest to the named signer. Once the signer approves the +request and issues a certificate chain, Kubelet writes the key and +certificate chain to the pod filesystem. The pod does not start until +certificates have been issued for each podCertificate projected volume +source in its spec. + +Kubelet will begin trying to rotate the certificate at the time indicated +by the signer using the PodCertificateRequest.Status.BeginRefreshAt +timestamp. + +Kubelet can write a single file, indicated by the credentialBundlePath +field, or separate files, indicated by the keyPath and +certificateChainPath fields. + +The credential bundle is a single file in PEM format. The first PEM +entry is the private key (in PKCS#8 format), and the remaining PEM +entries are the certificate chain issued by the signer (typically, +signers will return their certificate chain in leaf-to-root order). + +Prefer using the credential bundle format, since your application code +can read it atomically. If you use keyPath and certificateChainPath, +your application must make two separate file reads. If these coincide +with a certificate rotation, it is possible that the private key and leaf +certificate you read may not correspond to each other. Your application +will need to check for this condition, and re-read until they are +consistent. + +The named signer controls chooses the format of the certificate it +issues; consult the signer implementation's documentation to learn how to +use the certificates it issues. 
+-- + +Type:: + `object` + +Required:: + - `keyType` + - `signerName` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `certificateChainPath` +| `string` +| Write the certificate chain at this path in the projected volume. + +Most applications should use credentialBundlePath. When using keyPath +and certificateChainPath, your application needs to check that the key +and leaf certificate are consistent, because it is possible to read the +files mid-rotation. + +| `credentialBundlePath` +| `string` +| Write the credential bundle at this path in the projected volume. + +The credential bundle is a single file that contains multiple PEM blocks. +The first PEM block is a PRIVATE KEY block, containing a PKCS#8 private +key. + +The remaining blocks are CERTIFICATE blocks, containing the issued +certificate chain from the signer (leaf and any intermediates). + +Using credentialBundlePath lets your Pod's application code make a single +atomic read that retrieves a consistent key and certificate chain. If you +project them to separate files, your application code will need to +additionally check that the leaf certificate was issued to the key. + +| `keyPath` +| `string` +| Write the key at this path in the projected volume. + +Most applications should use credentialBundlePath. When using keyPath +and certificateChainPath, your application needs to check that the key +and leaf certificate are consistent, because it is possible to read the +files mid-rotation. + +| `keyType` +| `string` +| The type of keypair Kubelet will generate for the pod. + +Valid values are "RSA3072", "RSA4096", "ECDSAP256", "ECDSAP384", +"ECDSAP521", and "ED25519". + +| `maxExpirationSeconds` +| `integer` +| maxExpirationSeconds is the maximum lifetime permitted for the +certificate. + +Kubelet copies this value verbatim into the PodCertificateRequests it +generates for this projection. + +If omitted, kube-apiserver will set it to 86400(24 hours). 
kube-apiserver +will reject values shorter than 3600 (1 hour). The maximum allowable +value is 7862400 (91 days). + +The signer implementation is then free to issue a certificate with any +lifetime *shorter* than MaxExpirationSeconds, but no shorter than 3600 +seconds (1 hour). This constraint is enforced by kube-apiserver. +`kubernetes.io` signers will never issue certificates with a lifetime +longer than 24 hours. + +| `signerName` +| `string` +| Kubelet's generated CSRs will be addressed to this signer. + |=== === .spec.install.spec.deployments[].spec.template.spec.volumes[].projected.sources[].secret Description:: @@ -15251,7 +15879,6 @@ Description:: -- rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. -More info: https://examples.k8s.io/volumes/rbd/README.md -- Type:: diff --git a/rest_api/operatorhub_apis/operatorhub-apis-index.adoc b/rest_api/operatorhub_apis/operatorhub-apis-index.adoc index 1725374968..ea4e4aafe4 100644 --- a/rest_api/operatorhub_apis/operatorhub-apis-index.adoc +++ b/rest_api/operatorhub_apis/operatorhub-apis-index.adoc @@ -38,6 +38,17 @@ Description:: ClusterExtension is the Schema for the clusterextensions API -- +Type:: + `object` + +== ClusterExtensionRevision [olm.operatorframework.io/v1] + +Description:: ++ +-- +ClusterExtensionRevision is the Schema for the clusterextensionrevisions API +-- + Type:: `object` diff --git a/rest_api/operatorhub_apis/subscription-operators-coreos-com-v1alpha1.adoc b/rest_api/operatorhub_apis/subscription-operators-coreos-com-v1alpha1.adoc index 0f3ed9727d..da034ad91d 100644 --- a/rest_api/operatorhub_apis/subscription-operators-coreos-com-v1alpha1.adoc +++ b/rest_api/operatorhub_apis/subscription-operators-coreos-com-v1alpha1.adoc 
@@ -1291,8 +1291,8 @@ a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), -compute a sum by iterating through the elements of this field and adding -"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the +compute a sum by iterating through the elements of this field and subtracting +"weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. | `preferredDuringSchedulingIgnoredDuringExecution[]` @@ -1329,8 +1329,8 @@ a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), -compute a sum by iterating through the elements of this field and adding -"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the +compute a sum by iterating through the elements of this field and subtracting +"weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. -- @@ -1915,7 +1915,8 @@ Required:: | `name` | `string` -| Name of the environment variable. Must be a C_IDENTIFIER. +| Name of the environment variable. +May consist of any printable ASCII characters except '='. | `value` | `string` 
@@ -1960,6 +1961,11 @@ Type:: | Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +| `fileKeyRef` +| `object` +| FileKeyRef selects a key of the env file. +Requires the EnvFiles feature gate to be enabled. + | `resourceFieldRef` | `object` | Selects a resource of the container: only resources limits and requests @@ -2034,6 +2040,54 @@ Required:: | `string` | Path of the field to select in the specified API version. +|=== +=== .spec.config.env[].valueFrom.fileKeyRef +Description:: ++ +-- +FileKeyRef selects a key of the env file. +Requires the EnvFiles feature gate to be enabled. +-- + +Type:: + `object` + +Required:: + - `key` + - `path` + - `volumeName` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `key` +| `string` +| The key within the env file. An invalid key will prevent the pod from starting. +The keys defined within a source may consist of any printable ASCII characters except '='. +During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + +| `optional` +| `boolean` +| Specify whether the file or its key must be defined. If the file or key +does not exist, then the env var is not published. +If optional is set to true and the specified key does not exist, +the environment variable will not be set in the Pod's containers. + +If optional is set to false and the specified key does not exist, +an error will be returned during Pod creation. + +| `path` +| `string` +| The path within the volume from which to select the file. +Must be relative and may not contain the '..' path or start with '..'. + +| `volumeName` +| `string` +| The name of the volume mount containing the env file. + |=== === .spec.config.env[].valueFrom.resourceFieldRef Description:: 
@@ -2145,7 +2199,8 @@ Type:: | `prefix` | `string` -| Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER. +| Optional text to prepend to the name of each environment variable. +May consist of any printable ASCII characters except '='. | `secretRef` | `object` @@ -2236,7 +2291,7 @@ Type:: | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -2265,7 +2320,7 @@ Description:: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -2687,7 +2742,6 @@ into the Pod's container. | `object` | glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. -More info: https://examples.k8s.io/volumes/glusterfs/README.md | `hostPath` | `object` @@ -2718,7 +2772,7 @@ The field spec.securityContext.fsGroupChangePolicy has no effect on this volume | `object` | iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. -More info: https://examples.k8s.io/volumes/iscsi/README.md +More info: https://kubernetes.io/docs/concepts/storage/volumes/#iscsi | `name` | `string` @@ -2762,7 +2816,6 @@ Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supp | `object` | rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. -More info: https://examples.k8s.io/volumes/rbd/README.md | `scaleIO` | `object` 
@@ -3669,15 +3722,13 @@ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class- | volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, -it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass -will be applied to the claim but it's not allowed to reset this field to empty string once it is set. -If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass -will be set by the persistentvolume controller if it exists. +it can be changed after the claim is created. An empty string or nil value indicates that no +VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, +this field can be reset to its previous value (including nil) to cancel the modification. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ -(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). | `volumeMode` | `string` @@ -4155,7 +4206,6 @@ Description:: -- glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. -More info: https://examples.k8s.io/volumes/glusterfs/README.md -- Type:: @@ -4174,7 +4224,6 @@ Required:: | `endpoints` | `string` | endpoints is the endpoint name that details Glusterfs topology. -More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod | `path` | `string` 
@@ -4278,7 +4327,7 @@ Description:: -- iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. -More info: https://examples.k8s.io/volumes/iscsi/README.md +More info: https://kubernetes.io/docs/concepts/storage/volumes/#iscsi -- Type:: 
@@ -4607,6 +4656,43 @@ may change the order over time. | `object` | downwardAPI information about the downwardAPI data to project +| `podCertificate` +| `object` +| Projects an auto-rotating credential bundle (private key and certificate +chain) that the pod can use either as a TLS client or server. + +Kubelet generates a private key and uses it to send a +PodCertificateRequest to the named signer. Once the signer approves the +request and issues a certificate chain, Kubelet writes the key and +certificate chain to the pod filesystem. The pod does not start until +certificates have been issued for each podCertificate projected volume +source in its spec. + +Kubelet will begin trying to rotate the certificate at the time indicated +by the signer using the PodCertificateRequest.Status.BeginRefreshAt +timestamp. + +Kubelet can write a single file, indicated by the credentialBundlePath +field, or separate files, indicated by the keyPath and +certificateChainPath fields. + +The credential bundle is a single file in PEM format. The first PEM +entry is the private key (in PKCS#8 format), and the remaining PEM +entries are the certificate chain issued by the signer (typically, +signers will return their certificate chain in leaf-to-root order). + +Prefer using the credential bundle format, since your application code +can read it atomically. If you use keyPath and certificateChainPath, +your application must make two separate file reads. If these coincide +with a certificate rotation, it is possible that the private key and leaf +certificate you read may not correspond to each other. Your application +will need to check for this condition, and re-read until they are +consistent. + +The named signer controls chooses the format of the certificate it +issues; consult the signer implementation's documentation to learn how to +use the certificates it issues. + | `secret` | `object` | secret information about the secret data to project 
@@ -5010,6 +5096,123 @@ Required:: | `string` | Required: resource to select +|=== +=== .spec.config.volumes[].projected.sources[].podCertificate +Description:: ++ +-- +Projects an auto-rotating credential bundle (private key and certificate +chain) that the pod can use either as a TLS client or server. + +Kubelet generates a private key and uses it to send a +PodCertificateRequest to the named signer. Once the signer approves the +request and issues a certificate chain, Kubelet writes the key and +certificate chain to the pod filesystem. The pod does not start until +certificates have been issued for each podCertificate projected volume +source in its spec. + +Kubelet will begin trying to rotate the certificate at the time indicated +by the signer using the PodCertificateRequest.Status.BeginRefreshAt +timestamp. + +Kubelet can write a single file, indicated by the credentialBundlePath +field, or separate files, indicated by the keyPath and +certificateChainPath fields. + +The credential bundle is a single file in PEM format. The first PEM +entry is the private key (in PKCS#8 format), and the remaining PEM +entries are the certificate chain issued by the signer (typically, +signers will return their certificate chain in leaf-to-root order). + +Prefer using the credential bundle format, since your application code +can read it atomically. If you use keyPath and certificateChainPath, +your application must make two separate file reads. If these coincide +with a certificate rotation, it is possible that the private key and leaf +certificate you read may not correspond to each other. Your application +will need to check for this condition, and re-read until they are +consistent. + +The named signer controls chooses the format of the certificate it +issues; consult the signer implementation's documentation to learn how to +use the certificates it issues. 
+-- + +Type:: + `object` + +Required:: + - `keyType` + - `signerName` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `certificateChainPath` +| `string` +| Write the certificate chain at this path in the projected volume. + +Most applications should use credentialBundlePath. When using keyPath +and certificateChainPath, your application needs to check that the key +and leaf certificate are consistent, because it is possible to read the +files mid-rotation. + +| `credentialBundlePath` +| `string` +| Write the credential bundle at this path in the projected volume. + +The credential bundle is a single file that contains multiple PEM blocks. +The first PEM block is a PRIVATE KEY block, containing a PKCS#8 private +key. + +The remaining blocks are CERTIFICATE blocks, containing the issued +certificate chain from the signer (leaf and any intermediates). + +Using credentialBundlePath lets your Pod's application code make a single +atomic read that retrieves a consistent key and certificate chain. If you +project them to separate files, your application code will need to +additionally check that the leaf certificate was issued to the key. + +| `keyPath` +| `string` +| Write the key at this path in the projected volume. + +Most applications should use credentialBundlePath. When using keyPath +and certificateChainPath, your application needs to check that the key +and leaf certificate are consistent, because it is possible to read the +files mid-rotation. + +| `keyType` +| `string` +| The type of keypair Kubelet will generate for the pod. + +Valid values are "RSA3072", "RSA4096", "ECDSAP256", "ECDSAP384", +"ECDSAP521", and "ED25519". + +| `maxExpirationSeconds` +| `integer` +| maxExpirationSeconds is the maximum lifetime permitted for the +certificate. + +Kubelet copies this value verbatim into the PodCertificateRequests it +generates for this projection. + +If omitted, kube-apiserver will set it to 86400(24 hours). 
kube-apiserver +will reject values shorter than 3600 (1 hour). The maximum allowable +value is 7862400 (91 days). + +The signer implementation is then free to issue a certificate with any +lifetime *shorter* than MaxExpirationSeconds, but no shorter than 3600 +seconds (1 hour). This constraint is enforced by kube-apiserver. +`kubernetes.io` signers will never issue certificates with a lifetime +longer than 24 hours. + +| `signerName` +| `string` +| Kubelet's generated CSRs will be addressed to this signer. + |=== === .spec.config.volumes[].projected.sources[].secret Description:: @@ -5214,7 +5417,6 @@ Description:: -- rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. -More info: https://examples.k8s.io/volumes/rbd/README.md -- Type:: diff --git a/rest_api/overview/index.adoc b/rest_api/overview/index.adoc index 24516d8284..f7ba39b9c3 100644 --- a/rest_api/overview/index.adoc +++ b/rest_api/overview/index.adoc @@ -66,6 +66,8 @@ | operator.openshift.io/v1 | xref:../operatorhub_apis/clusterextension-olm-operatorframework-io-v1.adoc#clusterextension-olm-operatorframework-io-v1[ClusterExtension] | olm.operatorframework.io/v1 +| xref:../operatorhub_apis/clusterextensionrevision-olm-operatorframework-io-v1.adoc#clusterextensionrevision-olm-operatorframework-io-v1[ClusterExtensionRevision] +| olm.operatorframework.io/v1 | xref:../config_apis/clusterimagepolicy-config-openshift-io-v1.adoc#clusterimagepolicy-config-openshift-io-v1[ClusterImagePolicy] | config.openshift.io/v1 | xref:../config_apis/clusteroperator-config-openshift-io-v1.adoc#clusteroperator-config-openshift-io-v1[ClusterOperator] 
@@ -518,6 +520,8 @@ | admissionregistration.k8s.io/v1 | xref:../storage_apis/volumeattachment-storage-k8s-io-v1.adoc#volumeattachment-storage-k8s-io-v1[VolumeAttachment] | storage.k8s.io/v1 +| xref:../storage_apis/volumeattributesclass-storage-k8s-io-v1.adoc#volumeattributesclass-storage-k8s-io-v1[VolumeAttributesClass] +| storage.k8s.io/v1 | xref:../storage_apis/volumepopulator-populator-storage-k8s-io-v1beta1.adoc#volumepopulator-populator-storage-k8s-io-v1beta1[VolumePopulator] | populator.storage.k8s.io/v1beta1 | xref:../storage_apis/volumesnapshot-snapshot-storage-k8s-io-v1.adoc#volumesnapshot-snapshot-storage-k8s-io-v1[VolumeSnapshot] diff --git a/rest_api/provisioning_apis/baremetalhost-metal3-io-v1alpha1.adoc b/rest_api/provisioning_apis/baremetalhost-metal3-io-v1alpha1.adoc index 07fe67ae13..5eee6b6697 100644 --- a/rest_api/provisioning_apis/baremetalhost-metal3-io-v1alpha1.adoc +++ b/rest_api/provisioning_apis/baremetalhost-metal3-io-v1alpha1.adoc @@ -145,6 +145,12 @@ without hardware profiles. | Image holds the details of the image to be provisioned. Populating the image will cause the host to start provisioning. +| `inspectionMode` +| `string` +| Specifies the mode for host inspection. +"disabled" - no inspection will be performed +"agent" - normal agent-based inspection will run + | `metaData` | `object` | MetaData holds the reference to the Secret containing host metadata diff --git a/rest_api/provisioning_apis/provisioning-metal3-io-v1alpha1.adoc b/rest_api/provisioning_apis/provisioning-metal3-io-v1alpha1.adoc index d76162844a..a8fe1adc58 100644 --- a/rest_api/provisioning_apis/provisioning-metal3-io-v1alpha1.adoc +++ b/rest_api/provisioning_apis/provisioning-metal3-io-v1alpha1.adoc 
@@ -97,6 +97,13 @@ which may be required for hardware that cannot accept HTTPS links. | PreprovisioningOSDownloadURLs is set of CoreOS Live URLs that would be necessary to provision a worker either using virtual media or PXE. +| `prometheusExporter` +| `object` +| PrometheusExporter configures sensor data collection and Prometheus metrics export. +When enabled, this configures Ironic to collect sensor data, deploys the +ironic-prometheus-exporter container, and creates supporting resources +(ServiceMonitor, Service ports) to expose hardware sensor metrics for Prometheus. + | `provisioningDHCPExternal` | `boolean` | ProvisioningDHCPExternal indicates whether the DHCP server 
@@ -249,6 +256,46 @@ Type:: | `string` | RootfsURL Image URL to be used for PXE deployments +|=== +=== .spec.prometheusExporter +Description:: ++ +-- +PrometheusExporter configures sensor data collection and Prometheus metrics export. +When enabled, this configures Ironic to collect sensor data, deploys the +ironic-prometheus-exporter container, and creates supporting resources +(ServiceMonitor, Service ports) to expose hardware sensor metrics for Prometheus. +-- + +Type:: + `object` + +Required:: + - `enabled` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `disableDefaultPrometheusRules` +| `boolean` +| DisableDefaultPrometheusRules controls whether default hardware health +alerting rules should NOT be deployed alongside the prometheus exporter. +When false (default), default prometheus rules are deployed. + +| `enabled` +| `boolean` +| Enabled controls whether sensor data collection is active. +When true, configures Ironic to collect sensor data, deploys the +ironic-prometheus-exporter container, and creates supporting resources. + +| `sensorCollectionInterval` +| `integer` +| SensorCollectionInterval defines how often (in seconds) sensor data +is collected from BMCs using Ironic. Must be at least 60 seconds. + |=== === .spec.unsupportedConfigOverrides Description:: @@ -315,6 +362,10 @@ Type:: | `object` | GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made. +| `latestAvailableRevision` +| `integer` +| latestAvailableRevision is the deploymentID of the most recent deployment + | `observedGeneration` | `integer` | observedGeneration is the last generation change you've dealt with @@ -352,6 +403,8 @@ Type:: `object` Required:: + - `lastTransitionTime` + - `status` - `type` 
@@ -362,7 +415,8 @@ Required:: | `lastTransitionTime` | `string` -| +| lastTransitionTime is the last time the condition transitioned from one status to another. +This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. | `message` | `string` @@ -374,11 +428,11 @@ Required:: | `status` | `string` -| +| status of the condition, one of True, False, Unknown. | `type` | `string` -| +| type of condition in CamelCase or in foo.example.com/CamelCase. |=== === .status.generations @@ -404,6 +458,11 @@ GenerationStatus keeps track of the generation for a given resource so that deci Type:: `object` +Required:: + - `group` + - `name` + - `namespace` + - `resource` diff --git a/rest_api/security_apis/securitycontextconstraints-security-openshift-io-v1.adoc b/rest_api/security_apis/securitycontextconstraints-security-openshift-io-v1.adoc index 925ad39b5d..a472da8942 100644 --- a/rest_api/security_apis/securitycontextconstraints-security-openshift-io-v1.adoc +++ b/rest_api/security_apis/securitycontextconstraints-security-openshift-io-v1.adoc @@ -85,13 +85,13 @@ is allowed in the "Volumes" field. | `allowedUnsafeSysctls` | `` | allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none. -Each entry is either a plain sysctl name or ends in "\*" in which case it is considered -as a prefix of allowed sysctls. Single \* means all unsafe sysctls are allowed. +Each entry is either a plain sysctl name or ends in "*" in which case it is considered +as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed. Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection. Examples: -e.g. "foo/\*" allows "foo/bar", "foo/baz", etc. -e.g. "foo.\*" allows "foo.bar", "foo.baz", etc. +e.g. "foo/*" allows "foo/bar", "foo/baz", etc. +e.g. "foo.*" allows "foo.bar", "foo.baz", etc. | `apiVersion` | `string` 
@@ -111,8 +111,8 @@ process can gain more privileges than its parent process. | `forbiddenSysctls` | `` | forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none. -Each entry is either a plain sysctl name or ends in "\*" in which case it is considered -as a prefix of forbidden sysctls. Single \* means all sysctls are forbidden. +Each entry is either a plain sysctl name or ends in "*" in which case it is considered +as a prefix of forbidden sysctls. Single * means all sysctls are forbidden. Examples: e.g. "foo/*" forbids "foo/bar", "foo/baz", etc. @@ -282,7 +282,7 @@ Description:: | Parameter | Type | Description | `body` | xref:../security_apis/securitycontextconstraints-security-openshift-io-v1.adoc#securitycontextconstraints-security-openshift-io-v1[`SecurityContextConstraints`] schema -| +| |=== .HTTP responses @@ -437,7 +437,7 @@ Description:: | Parameter | Type | Description | `body` | xref:../security_apis/securitycontextconstraints-security-openshift-io-v1.adoc#securitycontextconstraints-security-openshift-io-v1[`SecurityContextConstraints`] schema -| +| |=== .HTTP responses diff --git a/rest_api/storage_apis/csidriver-storage-k8s-io-v1.adoc b/rest_api/storage_apis/csidriver-storage-k8s-io-v1.adoc index 3ab1c0b144..574fd2ef95 100644 --- a/rest_api/storage_apis/csidriver-storage-k8s-io-v1.adoc +++ b/rest_api/storage_apis/csidriver-storage-k8s-io-v1.adoc 
@@ -63,7 +63,7 @@ Type:: | `attachRequired` | `boolean` -| attachRequired indicates this CSI volume driver requires an attach operation (because it implements the CSI ControllerPublishVolume() method), and that the Kubernetes attach detach controller should call the attach volume interface which checks the volumeattachment status and waits until the volume is attached before proceeding to mounting. The CSI external-attacher coordinates with CSI volume driver and updates the volumeattachment status when the attach operation is complete. If the CSIDriverRegistry feature gate is enabled and the value is specified to false, the attach operation will be skipped. Otherwise the attach operation will be called. +| attachRequired indicates this CSI volume driver requires an attach operation (because it implements the CSI ControllerPublishVolume() method), and that the Kubernetes attach detach controller should call the attach volume interface which checks the volumeattachment status and waits until the volume is attached before proceeding to mounting. The CSI external-attacher coordinates with CSI volume driver and updates the volumeattachment status when the attach operation is complete. If the value is specified to false, the attach operation will be skipped. Otherwise the attach operation will be called. This field is immutable. 
@@ -79,7 +79,7 @@ Defaults to ReadWriteOnceWithFSType, which will examine each volume to determine | `integer` | nodeAllocatableUpdatePeriodSeconds specifies the interval between periodic updates of the CSINode allocatable capacity for this driver. When set, both periodic updates and updates triggered by capacity-related failures are enabled. If not set, no updates occur (neither periodic nor upon detecting capacity-related failures), and the allocatable.count remains static. The minimum allowed value for this field is 10 seconds. -This is an alpha feature and requires the MutableCSINodeAllocatableCount feature gate to be enabled. +This is a beta feature and requires the MutableCSINodeAllocatableCount feature gate to be enabled. This field is mutable. diff --git a/rest_api/storage_apis/persistentvolume-v1.adoc b/rest_api/storage_apis/persistentvolume-v1.adoc index f70cec8390..202415916e 100644 --- a/rest_api/storage_apis/persistentvolume-v1.adoc +++ b/rest_api/storage_apis/persistentvolume-v1.adoc 
@@ -186,7 +186,7 @@ Possible enum values: | `volumeAttributesClassName` | `string` -| Name of VolumeAttributesClass to which this persistent volume belongs. Empty value is not allowed. When this field is not set, it indicates that this volume does not belong to any VolumeAttributesClass. This field is mutable and can be changed by the CSI driver after a volume has been updated successfully to a new class. For an unbound PersistentVolume, the volumeAttributesClassName will be matched with unbound PersistentVolumeClaims during the binding process. This is a beta field and requires enabling VolumeAttributesClass feature (off by default). +| Name of VolumeAttributesClass to which this persistent volume belongs. Empty value is not allowed. When this field is not set, it indicates that this volume does not belong to any VolumeAttributesClass. This field is mutable and can be changed by the CSI driver after a volume has been updated successfully to a new class. For an unbound PersistentVolume, the volumeAttributesClassName will be matched with unbound PersistentVolumeClaims during the binding process. | `volumeMode` | `string` diff --git a/rest_api/storage_apis/persistentvolumeclaim-v1.adoc b/rest_api/storage_apis/persistentvolumeclaim-v1.adoc index 9e98a91828..e44152f0e9 100644 --- a/rest_api/storage_apis/persistentvolumeclaim-v1.adoc +++ b/rest_api/storage_apis/persistentvolumeclaim-v1.adoc 
@@ -89,7 +89,7 @@ Type:: | `volumeAttributesClassName` | `string` -| volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). +| volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string or nil value indicates that no VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, this field can be reset to its previous value (including nil) to cancel the modification. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ | `volumeMode` | `string` 
@@ -282,7 +282,7 @@ This is an alpha field and requires enabling RecoverVolumeExpansionFailure featu | `currentVolumeAttributesClassName` | `string` -| currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim This is a beta field and requires enabling VolumeAttributesClass feature (off by default). +| currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim | `modifyVolumeStatus` | `object` diff --git a/rest_api/storage_apis/storage-apis-index.adoc b/rest_api/storage_apis/storage-apis-index.adoc index ac8e5e5eca..32874b8309 100644 --- a/rest_api/storage_apis/storage-apis-index.adoc +++ b/rest_api/storage_apis/storage-apis-index.adoc @@ -115,6 +115,17 @@ VolumeAttachment captures the intent to attach or detach the specified volume to VolumeAttachment objects are non-namespaced. -- +Type:: + `object` + +== VolumeAttributesClass [storage.k8s.io/v1] + +Description:: ++ +-- +VolumeAttributesClass represents a specification of mutable volume attributes defined by the CSI driver. The class can be specified during dynamic provisioning of PersistentVolumeClaims, and changed in the PersistentVolumeClaim spec after provisioning. +-- + Type:: `object` diff --git a/rest_api/storage_apis/volumeattachment-storage-k8s-io-v1.adoc b/rest_api/storage_apis/volumeattachment-storage-k8s-io-v1.adoc index c6c97cb3b8..d89dc49d51 100644 --- a/rest_api/storage_apis/volumeattachment-storage-k8s-io-v1.adoc +++ b/rest_api/storage_apis/volumeattachment-storage-k8s-io-v1.adoc 
@@ -167,7 +167,7 @@ Type:: | `integer` | errorCode is a numeric gRPC code representing the error encountered during Attach or Detach operations. -This is an optional, alpha field that requires the MutableCSINodeAllocatableCount feature gate being enabled to be set. +This is an optional, beta field that requires the MutableCSINodeAllocatableCount feature gate being enabled to be set. | `message` | `string` @@ -199,7 +199,7 @@ Type:: | `integer` | errorCode is a numeric gRPC code representing the error encountered during Attach or Detach operations. -This is an optional, alpha field that requires the MutableCSINodeAllocatableCount feature gate being enabled to be set. +This is an optional, beta field that requires the MutableCSINodeAllocatableCount feature gate being enabled to be set. | `message` | `string` diff --git a/rest_api/storage_apis/volumeattributesclass-storage-k8s-io-v1.adoc b/rest_api/storage_apis/volumeattributesclass-storage-k8s-io-v1.adoc new file mode 100644 index 0000000000..7c808c6e95 --- /dev/null +++ b/rest_api/storage_apis/volumeattributesclass-storage-k8s-io-v1.adoc 
@@ -0,0 +1,348 @@ +// Automatically generated by 'openshift-apidocs-gen'. Do not edit. +:_mod-docs-content-type: ASSEMBLY +[id="volumeattributesclass-storage-k8s-io-v1"] += VolumeAttributesClass [storage.k8s.io/v1] +:toc: macro +:toc-title: + +toc::[] + + +Description:: ++ +-- +VolumeAttributesClass represents a specification of mutable volume attributes defined by the CSI driver. The class can be specified during dynamic provisioning of PersistentVolumeClaims, and changed in the PersistentVolumeClaim spec after provisioning. +-- + +Type:: + `object` + +Required:: + - `driverName` + + +== Specification + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + +| `driverName` +| `string` +| Name of the CSI driver This field is immutable. + +| `kind` +| `string` +| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `metadata` +| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-ObjectMeta[`ObjectMeta`] +| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + +| `parameters` +| `object (string)` +| parameters hold volume attributes defined by the CSI driver. These values are opaque to the Kubernetes and are passed directly to the CSI driver. The underlying storage provider supports changing these attributes on an existing volume, however the parameters field itself is immutable. 
To invoke a volume update, a new VolumeAttributesClass should be created with new parameters, and the PersistentVolumeClaim should be updated to reference the new VolumeAttributesClass. + +This field is required and must contain at least one key/value pair. The keys cannot be empty, and the maximum number of parameters is 512, with a cumulative max size of 256K. If the CSI driver rejects invalid parameters, the target PersistentVolumeClaim will be set to an "Infeasible" state in the modifyVolumeStatus field. + +|=== + +== API endpoints + +The following API endpoints are available: + +* `/apis/storage.k8s.io/v1/volumeattributesclasses` +- `DELETE`: delete collection of VolumeAttributesClass +- `GET`: list or watch objects of kind VolumeAttributesClass +- `POST`: create a VolumeAttributesClass +* `/apis/storage.k8s.io/v1/watch/volumeattributesclasses` +- `GET`: watch individual changes to a list of VolumeAttributesClass. deprecated: use the 'watch' parameter with a list operation instead. +* `/apis/storage.k8s.io/v1/volumeattributesclasses/{name}` +- `DELETE`: delete a VolumeAttributesClass +- `GET`: read the specified VolumeAttributesClass +- `PATCH`: partially update the specified VolumeAttributesClass +- `PUT`: replace the specified VolumeAttributesClass +* `/apis/storage.k8s.io/v1/watch/volumeattributesclasses/{name}` +- `GET`: watch changes to an object of kind VolumeAttributesClass. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter. + + +=== /apis/storage.k8s.io/v1/volumeattributesclasses + + + +HTTP method:: + `DELETE` + +Description:: + delete collection of VolumeAttributesClass + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. 
An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + list or watch objects of kind VolumeAttributesClass + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io-k8s-api-storage-v1-VolumeAttributesClassList[`VolumeAttributesClassList`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `POST` + +Description:: + create a VolumeAttributesClass + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. 
This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../storage_apis/volumeattributesclass-storage-k8s-io-v1.adoc#volumeattributesclass-storage-k8s-io-v1[`VolumeAttributesClass`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../storage_apis/volumeattributesclass-storage-k8s-io-v1.adoc#volumeattributesclass-storage-k8s-io-v1[`VolumeAttributesClass`] schema +| 201 - Created +| xref:../storage_apis/volumeattributesclass-storage-k8s-io-v1.adoc#volumeattributesclass-storage-k8s-io-v1[`VolumeAttributesClass`] schema +| 202 - Accepted +| xref:../storage_apis/volumeattributesclass-storage-k8s-io-v1.adoc#volumeattributesclass-storage-k8s-io-v1[`VolumeAttributesClass`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/storage.k8s.io/v1/watch/volumeattributesclasses + + + +HTTP method:: + `GET` + +Description:: + watch individual changes to a list of VolumeAttributesClass. deprecated: use the 'watch' parameter with a list operation instead. 
+ + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-WatchEvent[`WatchEvent`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/storage.k8s.io/v1/volumeattributesclasses/{name} + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the VolumeAttributesClass +|=== + + +HTTP method:: + `DELETE` + +Description:: + delete a VolumeAttributesClass + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../storage_apis/volumeattributesclass-storage-k8s-io-v1.adoc#volumeattributesclass-storage-k8s-io-v1[`VolumeAttributesClass`] schema +| 202 - Accepted +| xref:../storage_apis/volumeattributesclass-storage-k8s-io-v1.adoc#volumeattributesclass-storage-k8s-io-v1[`VolumeAttributesClass`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + read the specified VolumeAttributesClass + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../storage_apis/volumeattributesclass-storage-k8s-io-v1.adoc#volumeattributesclass-storage-k8s-io-v1[`VolumeAttributesClass`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update the specified VolumeAttributesClass + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be 
persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../storage_apis/volumeattributesclass-storage-k8s-io-v1.adoc#volumeattributesclass-storage-k8s-io-v1[`VolumeAttributesClass`] schema +| 201 - Created +| xref:../storage_apis/volumeattributesclass-storage-k8s-io-v1.adoc#volumeattributesclass-storage-k8s-io-v1[`VolumeAttributesClass`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace the specified VolumeAttributesClass + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. 
An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. 
+|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../storage_apis/volumeattributesclass-storage-k8s-io-v1.adoc#volumeattributesclass-storage-k8s-io-v1[`VolumeAttributesClass`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../storage_apis/volumeattributesclass-storage-k8s-io-v1.adoc#volumeattributesclass-storage-k8s-io-v1[`VolumeAttributesClass`] schema +| 201 - Created +| xref:../storage_apis/volumeattributesclass-storage-k8s-io-v1.adoc#volumeattributesclass-storage-k8s-io-v1[`VolumeAttributesClass`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/storage.k8s.io/v1/watch/volumeattributesclasses/{name} + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the VolumeAttributesClass +|=== + + +HTTP method:: + `GET` + +Description:: + watch changes to an object of kind VolumeAttributesClass. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter. + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-WatchEvent[`WatchEvent`] schema +| 401 - Unauthorized +| Empty +|=== + + diff --git a/rest_api/template_apis/podtemplate-v1.adoc b/rest_api/template_apis/podtemplate-v1.adoc index 41d06dc16f..894f9b535f 100644 --- a/rest_api/template_apis/podtemplate-v1.adoc +++ b/rest_api/template_apis/podtemplate-v1.adoc 
@@ -149,7 +149,7 @@ To add an ephemeral container, use the ephemeralcontainers subresource of an exi | `hostNetwork` | `boolean` -| Host networking requested for this pod. Use the host's network namespace. If this option is set, the ports that will be used must be specified. Default to false. +| Host networking requested for this pod. Use the host's network namespace. When using HostNetwork you should specify ports so the scheduler is aware. When `hostNetwork` is true, specified `hostPort` fields in port definitions must match `containerPort`, and unspecified `hostPort` fields in port definitions are defaulted to match `containerPort`. Default to false. | `hostPID` | `boolean` @@ -163,6 +163,12 @@ To add an ephemeral container, use the ephemeralcontainers subresource of an exi | `string` | Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value. +| `hostnameOverride` +| `string` +| HostnameOverride specifies an explicit override for the pod's hostname as perceived by the pod. This field only specifies the pod's hostname and does not affect its DNS records. When this field is set to a non-empty string: - It takes precedence over the values set in `hostname` and `subdomain`. - The Pod's hostname will be set to this value. - `setHostnameAsFQDN` must be nil or set to false. - `hostNetwork` must be set to false. + +This field must be a valid DNS subdomain as defined in RFC 1123 and contain at most 64 characters. Requires the HostnameOverride feature gate to be enabled. + | `imagePullSecrets` | `array` | ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod 
@@ -940,7 +946,7 @@ Type:: | `preferredDuringSchedulingIgnoredDuringExecution` | `array` -| The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. +| The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and subtracting "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. | `preferredDuringSchedulingIgnoredDuringExecution[]` | `object` 
@@ -959,7 +965,7 @@ Type:: Description:: + -- -The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. +The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and subtracting "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. -- Type:: 
@@ -1148,7 +1154,7 @@ Required:: | `envFrom` | `array` -| List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. +| List of sources to populate environment variables in the container. The keys defined within a source may consist of any printable ASCII characters except '='. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. | `envFrom[]` | `object` 
@@ -1205,7 +1211,15 @@ Possible enum values: | `restartPolicy` | `string` -| RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed. +| RestartPolicy defines the restart behavior of individual containers in a pod. This overrides the pod-level restart policy. When this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Additionally, setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. 
Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed. + +| `restartPolicyRules` +| `array` +| Represents a list of rules to be checked to determine if the container should be restarted on exit. The rules are evaluated in order. Once a rule matches a container exit condition, the remaining rules are ignored. If no rule matches the container exit condition, the Container-level restart policy determines the whether the container is restarted or not. Constraints on the rules: - At most 20 rules are allowed. - Rules can have the same action. - Identical rules are not forbidden in validations. When rules are specified, container MUST set RestartPolicy explicitly even it if matches the Pod's RestartPolicy. + +| `restartPolicyRules[]` +| `object` +| ContainerRestartRule describes how a container exit is handled. | `securityContext` | `object` @@ -1294,7 +1308,7 @@ Required:: | `name` | `string` -| Name of the environment variable. Must be a C_IDENTIFIER. +| Name of the environment variable. May consist of any printable ASCII characters except '='. | `value` | `string` @@ -1330,6 +1344,10 @@ Type:: | `object` | ObjectFieldSelector selects an APIVersioned field of an object. +| `fileKeyRef` +| `object` +| FileKeySelector selects a key of the env file. + | `resourceFieldRef` | `object` | ResourceFieldSelector represents container resources (cpu, memory) and their output format 
@@ -1398,6 +1416,46 @@ Required:: | `string` | Path of the field to select in the specified API version. +|=== +=== .template.spec.containers[].env[].valueFrom.fileKeyRef +Description:: ++ +-- +FileKeySelector selects a key of the env file. +-- + +Type:: + `object` + +Required:: + - `volumeName` + - `path` + - `key` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `key` +| `string` +| The key within the env file. An invalid key will prevent the pod from starting. The keys defined within a source may consist of any printable ASCII characters except '='. During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + +| `optional` +| `boolean` +| Specify whether the file or its key must be defined. If the file or key does not exist, then the env var is not published. If optional is set to true and the specified key does not exist, the environment variable will not be set in the Pod's containers. + +If optional is set to false and the specified key does not exist, an error will be returned during Pod creation. + +| `path` +| `string` +| The path within the volume from which to select the file. Must be relative and may not contain the '..' path or start with '..'. + +| `volumeName` +| `string` +| The name of the volume mount containing the env file. + |=== === .template.spec.containers[].env[].valueFrom.resourceFieldRef Description:: 
@@ -1467,7 +1525,7 @@ Required:: Description:: + -- -List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. +List of sources to populate environment variables in the container. The keys defined within a source may consist of any printable ASCII characters except '='. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. -- Type:: @@ -1501,7 +1559,7 @@ The contents of the target ConfigMap's Data field will represent the key-value p | `prefix` | `string` -| Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER. +| Optional text to prepend to the name of each environment variable. May consist of any printable ASCII characters except '='. | `secretRef` | `object` @@ -2636,7 +2694,7 @@ Type:: | `array` | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -2659,7 +2717,7 @@ Description:: -- Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. -- 
@@ -2697,6 +2755,78 @@ Required:: | `string` | Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. +|=== +=== .template.spec.containers[].restartPolicyRules +Description:: ++ +-- +Represents a list of rules to be checked to determine if the container should be restarted on exit. The rules are evaluated in order. Once a rule matches a container exit condition, the remaining rules are ignored. If no rule matches the container exit condition, the Container-level restart policy determines the whether the container is restarted or not. Constraints on the rules: - At most 20 rules are allowed. - Rules can have the same action. - Identical rules are not forbidden in validations. When rules are specified, container MUST set RestartPolicy explicitly even it if matches the Pod's RestartPolicy. +-- + +Type:: + `array` + + + + +=== .template.spec.containers[].restartPolicyRules[] +Description:: ++ +-- +ContainerRestartRule describes how a container exit is handled. +-- + +Type:: + `object` + +Required:: + - `action` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `action` +| `string` +| Specifies the action taken on a container exit if the requirements are satisfied. The only possible value is "Restart" to restart the container. + +| `exitCodes` +| `object` +| ContainerRestartRuleOnExitCodes describes the condition for handling an exited container based on its exit codes. + +|=== +=== .template.spec.containers[].restartPolicyRules[].exitCodes +Description:: ++ +-- +ContainerRestartRuleOnExitCodes describes the condition for handling an exited container based on its exit codes. +-- + +Type:: + `object` + +Required:: + - `operator` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `operator` +| `string` +| Represents the relationship between the container exit code(s) and the specified values. 
Possible values are: - In: the requirement is satisfied if the container exit code is in the + set of specified values. +- NotIn: the requirement is satisfied if the container exit code is + not in the set of specified values. + +| `values` +| `array (integer)` +| Specifies the set of values to check for container exit codes. At most 255 elements are allowed. + |=== === .template.spec.containers[].securityContext Description:: @@ -3403,7 +3533,7 @@ Required:: | `envFrom` | `array` -| List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. +| List of sources to populate environment variables in the container. The keys defined within a source may consist of any printable ASCII characters except '='. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. | `envFrom[]` | `object` 
@@ -3460,7 +3590,15 @@ Possible enum values: | `restartPolicy` | `string` -| Restart policy for the container to manage the restart behavior of each container within a pod. This may only be set for init containers. You cannot set this field on ephemeral containers. +| Restart policy for the container to manage the restart behavior of each container within a pod. You cannot set this field on ephemeral containers. + +| `restartPolicyRules` +| `array` +| Represents a list of rules to be checked to determine if the container should be restarted on exit. You cannot set this field on ephemeral containers. + +| `restartPolicyRules[]` +| `object` +| ContainerRestartRule describes how a container exit is handled. | `securityContext` | `object` @@ -3555,7 +3693,7 @@ Required:: | `name` | `string` -| Name of the environment variable. Must be a C_IDENTIFIER. +| Name of the environment variable. May consist of any printable ASCII characters except '='. | `value` | `string` @@ -3591,6 +3729,10 @@ Type:: | `object` | ObjectFieldSelector selects an APIVersioned field of an object. +| `fileKeyRef` +| `object` +| FileKeySelector selects a key of the env file. + | `resourceFieldRef` | `object` | ResourceFieldSelector represents container resources (cpu, memory) and their output format 
@@ -3659,6 +3801,46 @@ Required:: | `string` | Path of the field to select in the specified API version. +|=== +=== .template.spec.ephemeralContainers[].env[].valueFrom.fileKeyRef +Description:: ++ +-- +FileKeySelector selects a key of the env file. +-- + +Type:: + `object` + +Required:: + - `volumeName` + - `path` + - `key` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `key` +| `string` +| The key within the env file. An invalid key will prevent the pod from starting. The keys defined within a source may consist of any printable ASCII characters except '='. During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + +| `optional` +| `boolean` +| Specify whether the file or its key must be defined. If the file or key does not exist, then the env var is not published. If optional is set to true and the specified key does not exist, the environment variable will not be set in the Pod's containers. + +If optional is set to false and the specified key does not exist, an error will be returned during Pod creation. + +| `path` +| `string` +| The path within the volume from which to select the file. Must be relative and may not contain the '..' path or start with '..'. + +| `volumeName` +| `string` +| The name of the volume mount containing the env file. + |=== === .template.spec.ephemeralContainers[].env[].valueFrom.resourceFieldRef Description:: 
@@ -3728,7 +3910,7 @@ Required:: Description:: + -- -List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. +List of sources to populate environment variables in the container. The keys defined within a source may consist of any printable ASCII characters except '='. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. -- Type:: @@ -3762,7 +3944,7 @@ The contents of the target ConfigMap's Data field will represent the key-value p | `prefix` | `string` -| Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER. +| Optional text to prepend to the name of each environment variable. May consist of any printable ASCII characters except '='. | `secretRef` | `object` @@ -4897,7 +5079,7 @@ Type:: | `array` | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -4920,7 +5102,7 @@ Description:: -- Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. -- 
@@ -4958,6 +5140,78 @@ Required:: | `string` | Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. +|=== +=== .template.spec.ephemeralContainers[].restartPolicyRules +Description:: ++ +-- +Represents a list of rules to be checked to determine if the container should be restarted on exit. You cannot set this field on ephemeral containers. +-- + +Type:: + `array` + + + + +=== .template.spec.ephemeralContainers[].restartPolicyRules[] +Description:: ++ +-- +ContainerRestartRule describes how a container exit is handled. +-- + +Type:: + `object` + +Required:: + - `action` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `action` +| `string` +| Specifies the action taken on a container exit if the requirements are satisfied. The only possible value is "Restart" to restart the container. + +| `exitCodes` +| `object` +| ContainerRestartRuleOnExitCodes describes the condition for handling an exited container based on its exit codes. + +|=== +=== .template.spec.ephemeralContainers[].restartPolicyRules[].exitCodes +Description:: ++ +-- +ContainerRestartRuleOnExitCodes describes the condition for handling an exited container based on its exit codes. +-- + +Type:: + `object` + +Required:: + - `operator` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `operator` +| `string` +| Represents the relationship between the container exit code(s) and the specified values. Possible values are: - In: the requirement is satisfied if the container exit code is in the + set of specified values. +- NotIn: the requirement is satisfied if the container exit code is + not in the set of specified values. + +| `values` +| `array (integer)` +| Specifies the set of values to check for container exit codes. At most 255 elements are allowed. + |=== === .template.spec.ephemeralContainers[].securityContext Description:: 
@@ -5665,7 +5919,7 @@ Required:: | `envFrom` | `array` -| List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. +| List of sources to populate environment variables in the container. The keys defined within a source may consist of any printable ASCII characters except '='. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. | `envFrom[]` | `object` 
@@ -5722,7 +5976,15 @@ Possible enum values: | `restartPolicy` | `string` -| RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed. +| RestartPolicy defines the restart behavior of individual containers in a pod. This overrides the pod-level restart policy. When this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Additionally, setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. 
Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed. + +| `restartPolicyRules` +| `array` +| Represents a list of rules to be checked to determine if the container should be restarted on exit. The rules are evaluated in order. Once a rule matches a container exit condition, the remaining rules are ignored. If no rule matches the container exit condition, the Container-level restart policy determines the whether the container is restarted or not. Constraints on the rules: - At most 20 rules are allowed. - Rules can have the same action. - Identical rules are not forbidden in validations. When rules are specified, container MUST set RestartPolicy explicitly even it if matches the Pod's RestartPolicy. + +| `restartPolicyRules[]` +| `object` +| ContainerRestartRule describes how a container exit is handled. | `securityContext` | `object` @@ -5811,7 +6073,7 @@ Required:: | `name` | `string` -| Name of the environment variable. Must be a C_IDENTIFIER. +| Name of the environment variable. May consist of any printable ASCII characters except '='. | `value` | `string` @@ -5847,6 +6109,10 @@ Type:: | `object` | ObjectFieldSelector selects an APIVersioned field of an object. +| `fileKeyRef` +| `object` +| FileKeySelector selects a key of the env file. + | `resourceFieldRef` | `object` | ResourceFieldSelector represents container resources (cpu, memory) and their output format 
@@ -5915,6 +6181,46 @@ Required:: | `string` | Path of the field to select in the specified API version. +|=== +=== .template.spec.initContainers[].env[].valueFrom.fileKeyRef +Description:: ++ +-- +FileKeySelector selects a key of the env file. +-- + +Type:: + `object` + +Required:: + - `volumeName` + - `path` + - `key` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `key` +| `string` +| The key within the env file. An invalid key will prevent the pod from starting. The keys defined within a source may consist of any printable ASCII characters except '='. During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + +| `optional` +| `boolean` +| Specify whether the file or its key must be defined. If the file or key does not exist, then the env var is not published. If optional is set to true and the specified key does not exist, the environment variable will not be set in the Pod's containers. + +If optional is set to false and the specified key does not exist, an error will be returned during Pod creation. + +| `path` +| `string` +| The path within the volume from which to select the file. Must be relative and may not contain the '..' path or start with '..'. + +| `volumeName` +| `string` +| The name of the volume mount containing the env file. + |=== === .template.spec.initContainers[].env[].valueFrom.resourceFieldRef Description:: 
@@ -5984,7 +6290,7 @@ Required:: Description:: + -- -List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. +List of sources to populate environment variables in the container. The keys defined within a source may consist of any printable ASCII characters except '='. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. -- Type:: @@ -6018,7 +6324,7 @@ The contents of the target ConfigMap's Data field will represent the key-value p | `prefix` | `string` -| Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER. +| Optional text to prepend to the name of each environment variable. May consist of any printable ASCII characters except '='. | `secretRef` | `object` @@ -7153,7 +7459,7 @@ Type:: | `array` | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -7176,7 +7482,7 @@ Description:: -- Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. -- 
@@ -7214,6 +7520,78 @@ Required:: | `string` | Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. +|=== +=== .template.spec.initContainers[].restartPolicyRules +Description:: ++ +-- +Represents a list of rules to be checked to determine if the container should be restarted on exit. The rules are evaluated in order. Once a rule matches a container exit condition, the remaining rules are ignored. If no rule matches the container exit condition, the Container-level restart policy determines the whether the container is restarted or not. Constraints on the rules: - At most 20 rules are allowed. - Rules can have the same action. - Identical rules are not forbidden in validations. When rules are specified, container MUST set RestartPolicy explicitly even it if matches the Pod's RestartPolicy. +-- + +Type:: + `array` + + + + +=== .template.spec.initContainers[].restartPolicyRules[] +Description:: ++ +-- +ContainerRestartRule describes how a container exit is handled. +-- + +Type:: + `object` + +Required:: + - `action` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `action` +| `string` +| Specifies the action taken on a container exit if the requirements are satisfied. The only possible value is "Restart" to restart the container. + +| `exitCodes` +| `object` +| ContainerRestartRuleOnExitCodes describes the condition for handling an exited container based on its exit codes. + +|=== +=== .template.spec.initContainers[].restartPolicyRules[].exitCodes +Description:: ++ +-- +ContainerRestartRuleOnExitCodes describes the condition for handling an exited container based on its exit codes. 
+-- + +Type:: + `object` + +Required:: + - `operator` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `operator` +| `string` +| Represents the relationship between the container exit code(s) and the specified values. Possible values are: - In: the requirement is satisfied if the container exit code is in the + set of specified values. +- NotIn: the requirement is satisfied if the container exit code is + not in the set of specified values. + +| `values` +| `array (integer)` +| Specifies the set of values to check for container exit codes. At most 255 elements are allowed. + |=== === .template.spec.initContainers[].securityContext Description:: @@ -7936,7 +8314,7 @@ Type:: | `array` | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -7959,7 +8337,7 @@ Description:: -- Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. -- 
@@ -9287,7 +9665,7 @@ Type:: | `volumeAttributesClassName` | `string` -| volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). +| volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string or nil value indicates that no VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, this field can be reset to its previous value (including nil) to cancel the modification. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ | `volumeMode` | `string` 
@@ -9618,7 +9996,7 @@ Required:: | `endpoints` | `string` -| endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod +| endpoints is the endpoint name that details Glusterfs topology. | `path` | `string` @@ -9981,6 +10359,10 @@ The contents of the target ConfigMap's Data field will be presented in a project | `object` | Represents downward API info for projecting into a projected volume. Note that this is identical to a downwardAPI volume source without the default mode. +| `podCertificate` +| `object` +| PodCertificateProjection provides a private key and X.509 certificate in the pod filesystem. + | `secret` | `object` | Adapts a secret into a projected volume. 
@@ -10248,6 +10630,69 @@ Required:: | `string` | Required: resource to select +|=== +=== .template.spec.volumes[].projected.sources[].podCertificate +Description:: ++ +-- +PodCertificateProjection provides a private key and X.509 certificate in the pod filesystem. +-- + +Type:: + `object` + +Required:: + - `signerName` + - `keyType` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `certificateChainPath` +| `string` +| Write the certificate chain at this path in the projected volume. + +Most applications should use credentialBundlePath. When using keyPath and certificateChainPath, your application needs to check that the key and leaf certificate are consistent, because it is possible to read the files mid-rotation. + +| `credentialBundlePath` +| `string` +| Write the credential bundle at this path in the projected volume. + +The credential bundle is a single file that contains multiple PEM blocks. The first PEM block is a PRIVATE KEY block, containing a PKCS#8 private key. + +The remaining blocks are CERTIFICATE blocks, containing the issued certificate chain from the signer (leaf and any intermediates). + +Using credentialBundlePath lets your Pod's application code make a single atomic read that retrieves a consistent key and certificate chain. If you project them to separate files, your application code will need to additionally check that the leaf certificate was issued to the key. + +| `keyPath` +| `string` +| Write the key at this path in the projected volume. + +Most applications should use credentialBundlePath. When using keyPath and certificateChainPath, your application needs to check that the key and leaf certificate are consistent, because it is possible to read the files mid-rotation. + +| `keyType` +| `string` +| The type of keypair Kubelet will generate for the pod. + +Valid values are "RSA3072", "RSA4096", "ECDSAP256", "ECDSAP384", "ECDSAP521", and "ED25519". 
+ +| `maxExpirationSeconds` +| `integer` +| maxExpirationSeconds is the maximum lifetime permitted for the certificate. + +Kubelet copies this value verbatim into the PodCertificateRequests it generates for this projection. + +If omitted, kube-apiserver will set it to 86400(24 hours). kube-apiserver will reject values shorter than 3600 (1 hour). The maximum allowable value is 7862400 (91 days). + +The signer implementation is then free to issue a certificate with any lifetime *shorter* than MaxExpirationSeconds, but no shorter than 3600 seconds (1 hour). This constraint is enforced by kube-apiserver. `kubernetes.io` signers will never issue certificates with a lifetime longer than 24 hours. + +| `signerName` +| `string` +| Kubelet's generated CSRs will be addressed to this signer. + |=== === .template.spec.volumes[].projected.sources[].secret Description:: diff --git a/rest_api/template_apis/templateinstance-template-openshift-io-v1.adoc b/rest_api/template_apis/templateinstance-template-openshift-io-v1.adoc index 1f39295fb5..19eb1918bf 100644 --- a/rest_api/template_apis/templateinstance-template-openshift-io-v1.adoc +++ b/rest_api/template_apis/templateinstance-template-openshift-io-v1.adoc @@ -74,7 +74,7 @@ Required:: | TemplateInstanceRequester holds the identity of an agent requesting a template instantiation. | `secret` -| `LocalObjectReference_v2` +| xref:../objects/index.adoc#io-k8s-api-core-v1-LocalObjectReference_v2[`LocalObjectReference_v2`] | secret is a reference to a Secret object containing the necessary template parameters. | `template` @@ -107,7 +107,7 @@ Type:: | `extra{}` | `array (string)` -| +| | `groups` | `array (string)` @@ -529,7 +529,7 @@ Description:: | Parameter | Type | Description | `body` | xref:../template_apis/templateinstance-template-openshift-io-v1.adoc#templateinstance-template-openshift-io-v1[`TemplateInstance`] schema -| +| |=== .HTTP responses 
@@ -684,7 +684,7 @@ Description:: | Parameter | Type | Description | `body` | xref:../template_apis/templateinstance-template-openshift-io-v1.adoc#templateinstance-template-openshift-io-v1[`TemplateInstance`] schema -| +| |=== .HTTP responses @@ -816,7 +816,7 @@ Description:: | Parameter | Type | Description | `body` | xref:../template_apis/templateinstance-template-openshift-io-v1.adoc#templateinstance-template-openshift-io-v1[`TemplateInstance`] schema -| +| |=== .HTTP responses diff --git a/rest_api/workloads_apis/build-build-openshift-io-v1.adoc b/rest_api/workloads_apis/build-build-openshift-io-v1.adoc index bb49a478a1..987bb7322e 100644 --- a/rest_api/workloads_apis/build-build-openshift-io-v1.adoc +++ b/rest_api/workloads_apis/build-build-openshift-io-v1.adoc @@ -146,7 +146,7 @@ There are five different ways to configure the hook. As an example, all forms be It is invalid to provide both Script and Command simultaneously. If none of the fields are specified, the hook is not executed. | `resources` -| xref:../objects/index.adoc#io-k8s-api-core-v1-ResourceRequirements[`ResourceRequirements`] +| xref:../objects/index.adoc#io-k8s-api-core-v1-ResourceRequirements_v3[`ResourceRequirements_v3`] | resources computes resource requirements to execute the build. | `revision` @@ -200,7 +200,7 @@ Type:: | ImageLabel represents a label applied to the resulting image. | `pushSecret` -| `LocalObjectReference_v2` +| xref:../objects/index.adoc#io-k8s-api-core-v1-LocalObjectReference_v2[`LocalObjectReference_v2`] | PushSecret is the name of a Secret that would be used for setting up the authentication for executing the Docker push to authentication enabled Docker Registry (or Docker Hub). | `to` 
@@ -507,7 +507,7 @@ Type:: | SecretBuildSource describes a secret and its destination directory that will be used only at the build time. The content of the secret referenced here will be copied into the destination directory instead of mounting. | `sourceSecret` -| `LocalObjectReference_v2` +| xref:../objects/index.adoc#io-k8s-api-core-v1-LocalObjectReference_v2[`LocalObjectReference_v2`] | sourceSecret is the name of a Secret that would be used for setting up the authentication for cloning private repository. The secret contains valid credentials for remote repository, where the data's key represent the authentication method to be used and value is the base64 encoded credentials. Supported auth methods are: ssh-privatekey. | `type` @@ -570,7 +570,7 @@ Required:: | Property | Type | Description | `configMap` -| `LocalObjectReference_v2` +| xref:../objects/index.adoc#io-k8s-api-core-v1-LocalObjectReference_v2[`LocalObjectReference_v2`] | configMap is a reference to an existing configmap that you want to use in your build. | `destinationDir` @@ -667,7 +667,7 @@ Required:: | ImageSourcePath describes a path to be copied from a source image and its destination within the build directory. | `pullSecret` -| `LocalObjectReference_v2` +| xref:../objects/index.adoc#io-k8s-api-core-v1-LocalObjectReference_v2[`LocalObjectReference_v2`] | pullSecret is a reference to a secret to be used to pull the image from a registry If the image is pulled from the OpenShift registry, this field does not need to be set. |=== 
@@ -750,7 +750,7 @@ Required:: | destinationDir is the directory where the files from the secret should be available for the build time. For the Source build strategy, these will be injected into a container where the assemble script runs. Later, when the script finishes, all files injected will be truncated to zero length. For the container image build strategy, these will be copied into the build directory, where the Dockerfile is located, so users can ADD or COPY them during container image build. | `secret` -| `LocalObjectReference_v2` +| xref:../objects/index.adoc#io-k8s-api-core-v1-LocalObjectReference_v2[`LocalObjectReference_v2`] | secret is a reference to an existing secret that you want to use in your build. |=== @@ -816,7 +816,7 @@ Required:: | buildAPIVersion is the requested API version for the Build object serialized and passed to the custom builder | `env` -| xref:../objects/index.adoc#io-k8s-api-core-v1-EnvVar[`array (EnvVar)`] +| xref:../objects/index.adoc#io-k8s-api-core-v1-EnvVar_v3[`array (EnvVar_v3)`] | env contains additional environment variables you want to pass into a builder container. | `exposeDockerSocket` @@ -832,7 +832,7 @@ Required:: | from is reference to an DockerImage, ImageStreamTag, or ImageStreamImage from which the container image should be pulled | `pullSecret` -| `LocalObjectReference_v2` +| xref:../objects/index.adoc#io-k8s-api-core-v1-LocalObjectReference_v2[`LocalObjectReference_v2`] | pullSecret is the name of a Secret that would be used for setting up the authentication for pulling the container images from the private Docker registries | `secrets` @@ -882,7 +882,7 @@ Required:: | mountPath is the path at which to mount the secret | `secretSource` -| `LocalObjectReference_v2` +| xref:../objects/index.adoc#io-k8s-api-core-v1-LocalObjectReference_v2[`LocalObjectReference_v2`] | secretSource is a reference to the secret |=== 
@@ -904,7 +904,7 @@ Type:: | Property | Type | Description | `buildArgs` -| xref:../objects/index.adoc#io-k8s-api-core-v1-EnvVar[`array (EnvVar)`] +| xref:../objects/index.adoc#io-k8s-api-core-v1-EnvVar_v3[`array (EnvVar_v3)`] | buildArgs contains build arguments that will be resolved in the Dockerfile. See https://docs.docker.com/engine/reference/builder/#/arg for more details. NOTE: Only the 'name' and 'value' fields are supported. Any settings on the 'valueFrom' field are ignored. | `dockerfilePath` @@ -912,7 +912,7 @@ Type:: | dockerfilePath is the path of the Dockerfile that will be used to build the container image, relative to the root of the context (contextDir). Defaults to `Dockerfile` if unset. | `env` -| xref:../objects/index.adoc#io-k8s-api-core-v1-EnvVar[`array (EnvVar)`] +| xref:../objects/index.adoc#io-k8s-api-core-v1-EnvVar_v3[`array (EnvVar_v3)`] | env contains additional environment variables you want to pass into a builder container. | `forcePull` @@ -932,7 +932,7 @@ Type:: | noCache if set to true indicates that the container image build must be executed with the --no-cache=true flag | `pullSecret` -| `LocalObjectReference_v2` +| xref:../objects/index.adoc#io-k8s-api-core-v1-LocalObjectReference_v2[`LocalObjectReference_v2`] | pullSecret is the name of a Secret that would be used for setting up the authentication for pulling the container images from the private Docker registries | `volumes` @@ -1086,7 +1086,7 @@ Type:: | Property | Type | Description | `env` -| xref:../objects/index.adoc#io-k8s-api-core-v1-EnvVar[`array (EnvVar)`] +| xref:../objects/index.adoc#io-k8s-api-core-v1-EnvVar_v3[`array (EnvVar_v3)`] | env contains additional environment variables you want to pass into a build pipeline. | `jenkinsfile` 
@@ -1118,7 +1118,7 @@ Required:: | Property | Type | Description | `env` -| xref:../objects/index.adoc#io-k8s-api-core-v1-EnvVar[`array (EnvVar)`] +| xref:../objects/index.adoc#io-k8s-api-core-v1-EnvVar_v3[`array (EnvVar_v3)`] | env contains additional environment variables you want to pass into a builder container. | `forcePull` @@ -1134,7 +1134,7 @@ Required:: | incremental flag forces the Source build to do incremental builds if true. | `pullSecret` -| `LocalObjectReference_v2` +| xref:../objects/index.adoc#io-k8s-api-core-v1-LocalObjectReference_v2[`LocalObjectReference_v2`] | pullSecret is the name of a Secret that would be used for setting up the authentication for pulling the container images from the private Docker registries | `scripts` @@ -2342,7 +2342,7 @@ Description:: | Parameter | Type | Description | `body` | xref:../workloads_apis/build-build-openshift-io-v1.adoc#build-build-openshift-io-v1[`Build`] schema -| +| |=== .HTTP responses @@ -2497,7 +2497,7 @@ Description:: | Parameter | Type | Description | `body` | xref:../workloads_apis/build-build-openshift-io-v1.adoc#build-build-openshift-io-v1[`Build`] schema -| +| |=== .HTTP responses @@ -2580,7 +2580,7 @@ Description:: | Parameter | Type | Description | `body` | xref:../workloads_apis/build-build-openshift-io-v1.adoc#build-build-openshift-io-v1[`Build`] schema -| +| |=== .HTTP responses diff --git a/rest_api/workloads_apis/buildconfig-build-openshift-io-v1.adoc b/rest_api/workloads_apis/buildconfig-build-openshift-io-v1.adoc index de746fcadb..5ff21c74e2 100644 --- a/rest_api/workloads_apis/buildconfig-build-openshift-io-v1.adoc +++ b/rest_api/workloads_apis/buildconfig-build-openshift-io-v1.adoc 
@@ -154,7 +154,7 @@ There are five different ways to configure the hook. As an example, all forms be It is invalid to provide both Script and Command simultaneously. If none of the fields are specified, the hook is not executed. | `resources` -| xref:../objects/index.adoc#io-k8s-api-core-v1-ResourceRequirements[`ResourceRequirements`] +| xref:../objects/index.adoc#io-k8s-api-core-v1-ResourceRequirements_v3[`ResourceRequirements_v3`] | resources computes resource requirements to execute the build. | `revision` @@ -216,7 +216,7 @@ Type:: | ImageLabel represents a label applied to the resulting image. | `pushSecret` -| `LocalObjectReference_v2` +| xref:../objects/index.adoc#io-k8s-api-core-v1-LocalObjectReference_v2[`LocalObjectReference_v2`] | PushSecret is the name of a Secret that would be used for setting up the authentication for executing the Docker push to authentication enabled Docker Registry (or Docker Hub). | `to` @@ -523,7 +523,7 @@ Type:: | SecretBuildSource describes a secret and its destination directory that will be used only at the build time. The content of the secret referenced here will be copied into the destination directory instead of mounting. | `sourceSecret` -| `LocalObjectReference_v2` +| xref:../objects/index.adoc#io-k8s-api-core-v1-LocalObjectReference_v2[`LocalObjectReference_v2`] | sourceSecret is the name of a Secret that would be used for setting up the authentication for cloning private repository. The secret contains valid credentials for remote repository, where the data's key represent the authentication method to be used and value is the base64 encoded credentials. Supported auth methods are: ssh-privatekey. | `type` @@ -586,7 +586,7 @@ Required:: | Property | Type | Description | `configMap` -| `LocalObjectReference_v2` +| xref:../objects/index.adoc#io-k8s-api-core-v1-LocalObjectReference_v2[`LocalObjectReference_v2`] | configMap is a reference to an existing configmap that you want to use in your build. | `destinationDir` 
@@ -683,7 +683,7 @@ Required:: | ImageSourcePath describes a path to be copied from a source image and its destination within the build directory. | `pullSecret` -| `LocalObjectReference_v2` +| xref:../objects/index.adoc#io-k8s-api-core-v1-LocalObjectReference_v2[`LocalObjectReference_v2`] | pullSecret is a reference to a secret to be used to pull the image from a registry If the image is pulled from the OpenShift registry, this field does not need to be set. |=== @@ -766,7 +766,7 @@ Required:: | destinationDir is the directory where the files from the secret should be available for the build time. For the Source build strategy, these will be injected into a container where the assemble script runs. Later, when the script finishes, all files injected will be truncated to zero length. For the container image build strategy, these will be copied into the build directory, where the Dockerfile is located, so users can ADD or COPY them during container image build. | `secret` -| `LocalObjectReference_v2` +| xref:../objects/index.adoc#io-k8s-api-core-v1-LocalObjectReference_v2[`LocalObjectReference_v2`] | secret is a reference to an existing secret that you want to use in your build. |=== @@ -832,7 +832,7 @@ Required:: | buildAPIVersion is the requested API version for the Build object serialized and passed to the custom builder | `env` -| xref:../objects/index.adoc#io-k8s-api-core-v1-EnvVar[`array (EnvVar)`] +| xref:../objects/index.adoc#io-k8s-api-core-v1-EnvVar_v3[`array (EnvVar_v3)`] | env contains additional environment variables you want to pass into a builder container. | `exposeDockerSocket` 
@@ -848,7 +848,7 @@ Required:: | from is reference to an DockerImage, ImageStreamTag, or ImageStreamImage from which the container image should be pulled | `pullSecret` -| `LocalObjectReference_v2` +| xref:../objects/index.adoc#io-k8s-api-core-v1-LocalObjectReference_v2[`LocalObjectReference_v2`] | pullSecret is the name of a Secret that would be used for setting up the authentication for pulling the container images from the private Docker registries | `secrets` @@ -898,7 +898,7 @@ Required:: | mountPath is the path at which to mount the secret | `secretSource` -| `LocalObjectReference_v2` +| xref:../objects/index.adoc#io-k8s-api-core-v1-LocalObjectReference_v2[`LocalObjectReference_v2`] | secretSource is a reference to the secret |=== @@ -920,7 +920,7 @@ Type:: | Property | Type | Description | `buildArgs` -| xref:../objects/index.adoc#io-k8s-api-core-v1-EnvVar[`array (EnvVar)`] +| xref:../objects/index.adoc#io-k8s-api-core-v1-EnvVar_v3[`array (EnvVar_v3)`] | buildArgs contains build arguments that will be resolved in the Dockerfile. See https://docs.docker.com/engine/reference/builder/#/arg for more details. NOTE: Only the 'name' and 'value' fields are supported. Any settings on the 'valueFrom' field are ignored. | `dockerfilePath` @@ -928,7 +928,7 @@ Type:: | dockerfilePath is the path of the Dockerfile that will be used to build the container image, relative to the root of the context (contextDir). Defaults to `Dockerfile` if unset. | `env` -| xref:../objects/index.adoc#io-k8s-api-core-v1-EnvVar[`array (EnvVar)`] +| xref:../objects/index.adoc#io-k8s-api-core-v1-EnvVar_v3[`array (EnvVar_v3)`] | env contains additional environment variables you want to pass into a builder container. | `forcePull` 
@@ -948,7 +948,7 @@ Type:: | noCache if set to true indicates that the container image build must be executed with the --no-cache=true flag | `pullSecret` -| `LocalObjectReference_v2` +| xref:../objects/index.adoc#io-k8s-api-core-v1-LocalObjectReference_v2[`LocalObjectReference_v2`] | pullSecret is the name of a Secret that would be used for setting up the authentication for pulling the container images from the private Docker registries | `volumes` @@ -1102,7 +1102,7 @@ Type:: | Property | Type | Description | `env` -| xref:../objects/index.adoc#io-k8s-api-core-v1-EnvVar[`array (EnvVar)`] +| xref:../objects/index.adoc#io-k8s-api-core-v1-EnvVar_v3[`array (EnvVar_v3)`] | env contains additional environment variables you want to pass into a build pipeline. | `jenkinsfile` @@ -1134,7 +1134,7 @@ Required:: | Property | Type | Description | `env` -| xref:../objects/index.adoc#io-k8s-api-core-v1-EnvVar[`array (EnvVar)`] +| xref:../objects/index.adoc#io-k8s-api-core-v1-EnvVar_v3[`array (EnvVar_v3)`] | env contains additional environment variables you want to pass into a builder container. | `forcePull` @@ -1150,7 +1150,7 @@ Required:: | incremental flag forces the Source build to do incremental builds if true. | `pullSecret` -| `LocalObjectReference_v2` +| xref:../objects/index.adoc#io-k8s-api-core-v1-LocalObjectReference_v2[`LocalObjectReference_v2`] | pullSecret is the name of a Secret that would be used for setting up the authentication for pulling the container images from the private Docker registries | `scripts` @@ -1849,7 +1849,7 @@ Description:: | Parameter | Type | Description | `body` | xref:../workloads_apis/buildconfig-build-openshift-io-v1.adoc#buildconfig-build-openshift-io-v1[`BuildConfig`] schema -| +| |=== .HTTP responses @@ -2004,7 +2004,7 @@ Description:: | Parameter | Type | Description | `body` | xref:../workloads_apis/buildconfig-build-openshift-io-v1.adoc#buildconfig-build-openshift-io-v1[`BuildConfig`] schema -| +| |=== .HTTP responses 
diff --git a/rest_api/workloads_apis/buildrequest-build-openshift-io-v1.adoc b/rest_api/workloads_apis/buildrequest-build-openshift-io-v1.adoc index 00f8afb9b0..07858885ad 100644 --- a/rest_api/workloads_apis/buildrequest-build-openshift-io-v1.adoc +++ b/rest_api/workloads_apis/buildrequest-build-openshift-io-v1.adoc @@ -40,7 +40,7 @@ Type:: | DockerStrategyOptions contains extra strategy options for container image builds | `env` -| xref:../objects/index.adoc#io-k8s-api-core-v1-EnvVar[`array (EnvVar)`] +| xref:../objects/index.adoc#io-k8s-api-core-v1-EnvVar_v3[`array (EnvVar_v3)`] | env contains additional environment variables you want to pass into a builder container. | `from` @@ -120,7 +120,7 @@ Type:: | Property | Type | Description | `buildArgs` -| xref:../objects/index.adoc#io-k8s-api-core-v1-EnvVar[`array (EnvVar)`] +| xref:../objects/index.adoc#io-k8s-api-core-v1-EnvVar_v3[`array (EnvVar_v3)`] | Args contains any build arguments that are to be passed to Docker. See https://docs.docker.com/engine/reference/builder/#/arg for more details | `noCache` diff --git a/rest_api/workloads_apis/cronjob-batch-v1.adoc b/rest_api/workloads_apis/cronjob-batch-v1.adoc index 1c4fb98334..c1fc6d2710 100644 --- a/rest_api/workloads_apis/cronjob-batch-v1.adoc +++ b/rest_api/workloads_apis/cronjob-batch-v1.adoc @@ -157,7 +157,7 @@ Required:: | `backoffLimit` | `integer` -| Specifies the number of retries before marking this job failed. Defaults to 6 +| Specifies the number of retries before marking this job failed. Defaults to 6, unless backoffLimitPerIndex (only Indexed Job) is specified. When backoffLimitPerIndex is specified, backoffLimit defaults to 2147483647. | `backoffLimitPerIndex` | `integer` 
@@ -210,7 +210,7 @@ This field is beta-level. The job controller accepts setting the field when the - Failed means to wait until a previously created Pod is fully terminated (has phase Failed or Succeeded) before creating a replacement Pod. -When using podFailurePolicy, Failed is the the only allowed value. TerminatingOrFailed and Failed are allowed values when podFailurePolicy is not in use. This is an beta field. To use this, enable the JobPodReplacementPolicy feature toggle. This is on by default. +When using podFailurePolicy, Failed is the the only allowed value. TerminatingOrFailed and Failed are allowed values when podFailurePolicy is not in use. Possible enum values: - `"Failed"` means to wait until a previously created Pod is fully terminated (has phase Failed or Succeeded) before creating a replacement Pod. @@ -438,7 +438,7 @@ Required:: | `rules` | `array` -| rules represents the list of alternative rules for the declaring the Jobs as successful before `.status.succeeded >= .spec.completions`. Once any of the rules are met, the "SucceededCriteriaMet" condition is added, and the lingering pods are removed. The terminal state for such a Job has the "Complete" condition. Additionally, these rules are evaluated in order; Once the Job meets one of the rules, other rules are ignored. At most 20 elements are allowed. +| rules represents the list of alternative rules for the declaring the Jobs as successful before `.status.succeeded >= .spec.completions`. Once any of the rules are met, the "SuccessCriteriaMet" condition is added, and the lingering pods are removed. The terminal state for such a Job has the "Complete" condition. Additionally, these rules are evaluated in order; Once the Job meets one of the rules, other rules are ignored. At most 20 elements are allowed. | `rules[]` | `object` 
@@ -449,7 +449,7 @@ Required:: Description:: + -- -rules represents the list of alternative rules for the declaring the Jobs as successful before `.status.succeeded >= .spec.completions`. Once any of the rules are met, the "SucceededCriteriaMet" condition is added, and the lingering pods are removed. The terminal state for such a Job has the "Complete" condition. Additionally, these rules are evaluated in order; Once the Job meets one of the rules, other rules are ignored. At most 20 elements are allowed. +rules represents the list of alternative rules for the declaring the Jobs as successful before `.status.succeeded >= .spec.completions`. Once any of the rules are met, the "SuccessCriteriaMet" condition is added, and the lingering pods are removed. The terminal state for such a Job has the "Complete" condition. Additionally, these rules are evaluated in order; Once the Job meets one of the rules, other rules are ignored. At most 20 elements are allowed. -- Type:: diff --git a/rest_api/workloads_apis/daemonset-apps-v1.adoc b/rest_api/workloads_apis/daemonset-apps-v1.adoc index 458bd70341..4b4cf6ecee 100644 --- a/rest_api/workloads_apis/daemonset-apps-v1.adoc +++ b/rest_api/workloads_apis/daemonset-apps-v1.adoc 
@@ -136,7 +136,7 @@ Type:: | `maxSurge` | xref:../objects/index.adoc#io-k8s-apimachinery-pkg-util-intstr-IntOrString[`IntOrString`] -| The maximum number of nodes with an existing available DaemonSet pod that can have an updated DaemonSet pod during during an update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up to a minimum of 1. Default value is 0. Example: when this is set to 30%, at most 30% of the total number of nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) can have their a new pod created before the old pod is marked as deleted. The update starts by launching new pods on 30% of nodes. Once an updated pod is available (Ready for at least minReadySeconds) the old DaemonSet pod on that node is marked deleted. If the old pod becomes unavailable for any reason (Ready transitions to false, is evicted, or is drained) an updated pod is immediatedly created on that node without considering surge limits. Allowing surge implies the possibility that the resources consumed by the daemonset on any given node can double if the readiness check fails, and so resource intensive daemonsets should take into account that they may cause evictions during disruption. +| The maximum number of nodes with an existing available DaemonSet pod that can have an updated DaemonSet pod during during an update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up to a minimum of 1. Default value is 0. Example: when this is set to 30%, at most 30% of the total number of nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) can have their a new pod created before the old pod is marked as deleted. The update starts by launching new pods on 30% of nodes. 
Once an updated pod is available (Ready for at least minReadySeconds) the old DaemonSet pod on that node is marked deleted. If the old pod becomes unavailable for any reason (Ready transitions to false, is evicted, or is drained) an updated pod is immediately created on that node without considering surge limits. Allowing surge implies the possibility that the resources consumed by the daemonset on any given node can double if the readiness check fails, and so resource intensive daemonsets should take into account that they may cause evictions during disruption. | `maxUnavailable` | xref:../objects/index.adoc#io-k8s-apimachinery-pkg-util-intstr-IntOrString[`IntOrString`] diff --git a/rest_api/workloads_apis/deploymentconfig-apps-openshift-io-v1.adoc b/rest_api/workloads_apis/deploymentconfig-apps-openshift-io-v1.adoc index 1e2b2bcb2d..088ea8ab93 100644 --- a/rest_api/workloads_apis/deploymentconfig-apps-openshift-io-v1.adoc +++ b/rest_api/workloads_apis/deploymentconfig-apps-openshift-io-v1.adoc @@ -148,7 +148,7 @@ Type:: | RecreateDeploymentStrategyParams are the input to the Recreate deployment strategy. | `resources` -| xref:../objects/index.adoc#io-k8s-api-core-v1-ResourceRequirements[`ResourceRequirements`] +| xref:../objects/index.adoc#io-k8s-api-core-v1-ResourceRequirements_v2[`ResourceRequirements_v2`] | Resources contains resource requirements to execute the deployment and any hooks. | `rollingParams` @@ -182,7 +182,7 @@ Type:: | Command is optional and overrides CMD in the container Image. | `environment` -| xref:../objects/index.adoc#io-k8s-api-core-v1-EnvVar[`array (EnvVar)`] +| xref:../objects/index.adoc#io-k8s-api-core-v1-EnvVar_v2[`array (EnvVar_v2)`] | Environment holds the environment which will be given to the container for Image. | `image` 
@@ -289,7 +289,7 @@ Required:: | ContainerName is the name of a container in the deployment pod template whose container image will be used for the hook pod's container. | `env` -| xref:../objects/index.adoc#io-k8s-api-core-v1-EnvVar[`array (EnvVar)`] +| xref:../objects/index.adoc#io-k8s-api-core-v1-EnvVar_v2[`array (EnvVar_v2)`] | Env is a set of environment variables to supply to the hook pod's container. | `volumes` @@ -404,7 +404,7 @@ Required:: | ContainerName is the name of a container in the deployment pod template whose container image will be used for the hook pod's container. | `env` -| xref:../objects/index.adoc#io-k8s-api-core-v1-EnvVar[`array (EnvVar)`] +| xref:../objects/index.adoc#io-k8s-api-core-v1-EnvVar_v2[`array (EnvVar_v2)`] | Env is a set of environment variables to supply to the hook pod's container. | `volumes` @@ -519,7 +519,7 @@ Required:: | ContainerName is the name of a container in the deployment pod template whose container image will be used for the hook pod's container. | `env` -| xref:../objects/index.adoc#io-k8s-api-core-v1-EnvVar[`array (EnvVar)`] +| xref:../objects/index.adoc#io-k8s-api-core-v1-EnvVar_v2[`array (EnvVar_v2)`] | Env is a set of environment variables to supply to the hook pod's container. | `volumes` @@ -688,7 +688,7 @@ Required:: | ContainerName is the name of a container in the deployment pod template whose container image will be used for the hook pod's container. | `env` -| xref:../objects/index.adoc#io-k8s-api-core-v1-EnvVar[`array (EnvVar)`] +| xref:../objects/index.adoc#io-k8s-api-core-v1-EnvVar_v2[`array (EnvVar_v2)`] | Env is a set of environment variables to supply to the hook pod's container. | `volumes` 
@@ -803,7 +803,7 @@ Required:: | ContainerName is the name of a container in the deployment pod template whose container image will be used for the hook pod's container. | `env` -| xref:../objects/index.adoc#io-k8s-api-core-v1-EnvVar[`array (EnvVar)`] +| xref:../objects/index.adoc#io-k8s-api-core-v1-EnvVar_v2[`array (EnvVar_v2)`] | Env is a set of environment variables to supply to the hook pod's container. | `volumes` diff --git a/rest_api/workloads_apis/job-batch-v1.adoc b/rest_api/workloads_apis/job-batch-v1.adoc index ab68a24393..f430d0340e 100644 --- a/rest_api/workloads_apis/job-batch-v1.adoc +++ b/rest_api/workloads_apis/job-batch-v1.adoc @@ -71,7 +71,7 @@ Required:: | `backoffLimit` | `integer` -| Specifies the number of retries before marking this job failed. Defaults to 6 +| Specifies the number of retries before marking this job failed. Defaults to 6, unless backoffLimitPerIndex (only Indexed Job) is specified. When backoffLimitPerIndex is specified, backoffLimit defaults to 2147483647. | `backoffLimitPerIndex` | `integer` @@ -124,7 +124,7 @@ This field is beta-level. The job controller accepts setting the field when the - Failed means to wait until a previously created Pod is fully terminated (has phase Failed or Succeeded) before creating a replacement Pod. -When using podFailurePolicy, Failed is the the only allowed value. TerminatingOrFailed and Failed are allowed values when podFailurePolicy is not in use. This is an beta field. To use this, enable the JobPodReplacementPolicy feature toggle. This is on by default. +When using podFailurePolicy, Failed is the the only allowed value. TerminatingOrFailed and Failed are allowed values when podFailurePolicy is not in use. Possible enum values: - `"Failed"` means to wait until a previously created Pod is fully terminated (has phase Failed or Succeeded) before creating a replacement Pod. 
@@ -352,7 +352,7 @@ Required:: | `rules` | `array` -| rules represents the list of alternative rules for the declaring the Jobs as successful before `.status.succeeded >= .spec.completions`. Once any of the rules are met, the "SucceededCriteriaMet" condition is added, and the lingering pods are removed. The terminal state for such a Job has the "Complete" condition. Additionally, these rules are evaluated in order; Once the Job meets one of the rules, other rules are ignored. At most 20 elements are allowed. +| rules represents the list of alternative rules for the declaring the Jobs as successful before `.status.succeeded >= .spec.completions`. Once any of the rules are met, the "SuccessCriteriaMet" condition is added, and the lingering pods are removed. The terminal state for such a Job has the "Complete" condition. Additionally, these rules are evaluated in order; Once the Job meets one of the rules, other rules are ignored. At most 20 elements are allowed. | `rules[]` | `object` @@ -363,7 +363,7 @@ Required:: Description:: + -- -rules represents the list of alternative rules for the declaring the Jobs as successful before `.status.succeeded >= .spec.completions`. Once any of the rules are met, the "SucceededCriteriaMet" condition is added, and the lingering pods are removed. The terminal state for such a Job has the "Complete" condition. Additionally, these rules are evaluated in order; Once the Job meets one of the rules, other rules are ignored. At most 20 elements are allowed. +rules represents the list of alternative rules for the declaring the Jobs as successful before `.status.succeeded >= .spec.completions`. Once any of the rules are met, the "SuccessCriteriaMet" condition is added, and the lingering pods are removed. The terminal state for such a Job has the "Complete" condition. Additionally, these rules are evaluated in order; Once the Job meets one of the rules, other rules are ignored. At most 20 elements are allowed. -- Type:: 
diff --git a/rest_api/workloads_apis/pod-v1.adoc b/rest_api/workloads_apis/pod-v1.adoc index 48727b3c4f..15c1561ea1 100644 --- a/rest_api/workloads_apis/pod-v1.adoc +++ b/rest_api/workloads_apis/pod-v1.adoc @@ -127,7 +127,7 @@ To add an ephemeral container, use the ephemeralcontainers subresource of an exi | `hostNetwork` | `boolean` -| Host networking requested for this pod. Use the host's network namespace. If this option is set, the ports that will be used must be specified. Default to false. +| Host networking requested for this pod. Use the host's network namespace. When using HostNetwork you should specify ports so the scheduler is aware. When `hostNetwork` is true, specified `hostPort` fields in port definitions must match `containerPort`, and unspecified `hostPort` fields in port definitions are defaulted to match `containerPort`. Default to false. | `hostPID` | `boolean` 
@@ -141,6 +141,12 @@ To add an ephemeral container, use the ephemeralcontainers subresource of an exi | `string` | Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value. +| `hostnameOverride` +| `string` +| HostnameOverride specifies an explicit override for the pod's hostname as perceived by the pod. This field only specifies the pod's hostname and does not affect its DNS records. When this field is set to a non-empty string: - It takes precedence over the values set in `hostname` and `subdomain`. - The Pod's hostname will be set to this value. - `setHostnameAsFQDN` must be nil or set to false. - `hostNetwork` must be set to false. + +This field must be a valid DNS subdomain as defined in RFC 1123 and contain at most 64 characters. Requires the HostnameOverride feature gate to be enabled. + | `imagePullSecrets` | `array` | ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod 
@@ -918,7 +924,7 @@ Type:: | `preferredDuringSchedulingIgnoredDuringExecution` | `array` -| The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. +| The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and subtracting "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. | `preferredDuringSchedulingIgnoredDuringExecution[]` | `object` 
@@ -937,7 +943,7 @@ Type:: Description:: + -- -The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. +The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and subtracting "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. -- Type:: 
@@ -1126,7 +1132,7 @@ Required:: | `envFrom` | `array` -| List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. +| List of sources to populate environment variables in the container. The keys defined within a source may consist of any printable ASCII characters except '='. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. | `envFrom[]` | `object` 
@@ -1183,7 +1189,15 @@ Possible enum values: | `restartPolicy` | `string` -| RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed. +| RestartPolicy defines the restart behavior of individual containers in a pod. This overrides the pod-level restart policy. When this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Additionally, setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. 
Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed. + +| `restartPolicyRules` +| `array` +| Represents a list of rules to be checked to determine if the container should be restarted on exit. The rules are evaluated in order. Once a rule matches a container exit condition, the remaining rules are ignored. If no rule matches the container exit condition, the Container-level restart policy determines the whether the container is restarted or not. Constraints on the rules: - At most 20 rules are allowed. - Rules can have the same action. - Identical rules are not forbidden in validations. When rules are specified, container MUST set RestartPolicy explicitly even it if matches the Pod's RestartPolicy. + +| `restartPolicyRules[]` +| `object` +| ContainerRestartRule describes how a container exit is handled. | `securityContext` | `object` @@ -1272,7 +1286,7 @@ Required:: | `name` | `string` -| Name of the environment variable. Must be a C_IDENTIFIER. +| Name of the environment variable. May consist of any printable ASCII characters except '='. | `value` | `string` @@ -1308,6 +1322,10 @@ Type:: | `object` | ObjectFieldSelector selects an APIVersioned field of an object. +| `fileKeyRef` +| `object` +| FileKeySelector selects a key of the env file. + | `resourceFieldRef` | `object` | ResourceFieldSelector represents container resources (cpu, memory) and their output format 
@@ -1376,6 +1394,46 @@ Required:: | `string` | Path of the field to select in the specified API version. +|=== +=== .spec.containers[].env[].valueFrom.fileKeyRef +Description:: ++ +-- +FileKeySelector selects a key of the env file. +-- + +Type:: + `object` + +Required:: + - `volumeName` + - `path` + - `key` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `key` +| `string` +| The key within the env file. An invalid key will prevent the pod from starting. The keys defined within a source may consist of any printable ASCII characters except '='. During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + +| `optional` +| `boolean` +| Specify whether the file or its key must be defined. If the file or key does not exist, then the env var is not published. If optional is set to true and the specified key does not exist, the environment variable will not be set in the Pod's containers. + +If optional is set to false and the specified key does not exist, an error will be returned during Pod creation. + +| `path` +| `string` +| The path within the volume from which to select the file. Must be relative and may not contain the '..' path or start with '..'. + +| `volumeName` +| `string` +| The name of the volume mount containing the env file. + |=== === .spec.containers[].env[].valueFrom.resourceFieldRef Description:: 
@@ -1445,7 +1503,7 @@ Required:: Description:: + -- -List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. +List of sources to populate environment variables in the container. The keys defined within a source may consist of any printable ASCII characters except '='. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. -- Type:: @@ -1479,7 +1537,7 @@ The contents of the target ConfigMap's Data field will represent the key-value p | `prefix` | `string` -| Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER. +| Optional text to prepend to the name of each environment variable. May consist of any printable ASCII characters except '='. | `secretRef` | `object` @@ -2614,7 +2672,7 @@ Type:: | `array` | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -2637,7 +2695,7 @@ Description:: -- Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. -- 
@@ -2675,6 +2733,78 @@ Required:: | `string` | Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. +|=== +=== .spec.containers[].restartPolicyRules +Description:: ++ +-- +Represents a list of rules to be checked to determine if the container should be restarted on exit. The rules are evaluated in order. Once a rule matches a container exit condition, the remaining rules are ignored. If no rule matches the container exit condition, the Container-level restart policy determines the whether the container is restarted or not. Constraints on the rules: - At most 20 rules are allowed. - Rules can have the same action. - Identical rules are not forbidden in validations. When rules are specified, container MUST set RestartPolicy explicitly even it if matches the Pod's RestartPolicy. +-- + +Type:: + `array` + + + + +=== .spec.containers[].restartPolicyRules[] +Description:: ++ +-- +ContainerRestartRule describes how a container exit is handled. +-- + +Type:: + `object` + +Required:: + - `action` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `action` +| `string` +| Specifies the action taken on a container exit if the requirements are satisfied. The only possible value is "Restart" to restart the container. + +| `exitCodes` +| `object` +| ContainerRestartRuleOnExitCodes describes the condition for handling an exited container based on its exit codes. + +|=== +=== .spec.containers[].restartPolicyRules[].exitCodes +Description:: ++ +-- +ContainerRestartRuleOnExitCodes describes the condition for handling an exited container based on its exit codes. +-- + +Type:: + `object` + +Required:: + - `operator` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `operator` +| `string` +| Represents the relationship between the container exit code(s) and the specified values. 
Possible values are: - In: the requirement is satisfied if the container exit code is in the + set of specified values. +- NotIn: the requirement is satisfied if the container exit code is + not in the set of specified values. + +| `values` +| `array (integer)` +| Specifies the set of values to check for container exit codes. At most 255 elements are allowed. + |=== === .spec.containers[].securityContext Description:: @@ -3381,7 +3511,7 @@ Required:: | `envFrom` | `array` -| List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. +| List of sources to populate environment variables in the container. The keys defined within a source may consist of any printable ASCII characters except '='. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. | `envFrom[]` | `object` @@ -3438,7 +3568,15 @@ Possible enum values: | `restartPolicy` | `string` -| Restart policy for the container to manage the restart behavior of each container within a pod. This may only be set for init containers. You cannot set this field on ephemeral containers. +| Restart policy for the container to manage the restart behavior of each container within a pod. You cannot set this field on ephemeral containers. + +| `restartPolicyRules` +| `array` +| Represents a list of rules to be checked to determine if the container should be restarted on exit. You cannot set this field on ephemeral containers. + +| `restartPolicyRules[]` +| `object` +| ContainerRestartRule describes how a container exit is handled. | `securityContext` | `object` 
@@ -3533,7 +3671,7 @@ Required:: | `name` | `string` -| Name of the environment variable. Must be a C_IDENTIFIER. +| Name of the environment variable. May consist of any printable ASCII characters except '='. | `value` | `string` @@ -3569,6 +3707,10 @@ Type:: | `object` | ObjectFieldSelector selects an APIVersioned field of an object. +| `fileKeyRef` +| `object` +| FileKeySelector selects a key of the env file. + | `resourceFieldRef` | `object` | ResourceFieldSelector represents container resources (cpu, memory) and their output format @@ -3637,6 +3779,46 @@ Required:: | `string` | Path of the field to select in the specified API version. +|=== +=== .spec.ephemeralContainers[].env[].valueFrom.fileKeyRef +Description:: ++ +-- +FileKeySelector selects a key of the env file. +-- + +Type:: + `object` + +Required:: + - `volumeName` + - `path` + - `key` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `key` +| `string` +| The key within the env file. An invalid key will prevent the pod from starting. The keys defined within a source may consist of any printable ASCII characters except '='. During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + +| `optional` +| `boolean` +| Specify whether the file or its key must be defined. If the file or key does not exist, then the env var is not published. If optional is set to true and the specified key does not exist, the environment variable will not be set in the Pod's containers. + +If optional is set to false and the specified key does not exist, an error will be returned during Pod creation. + +| `path` +| `string` +| The path within the volume from which to select the file. Must be relative and may not contain the '..' path or start with '..'. + +| `volumeName` +| `string` +| The name of the volume mount containing the env file. + |=== === .spec.ephemeralContainers[].env[].valueFrom.resourceFieldRef Description:: 
@@ -3706,7 +3888,7 @@ Required:: Description:: + -- -List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. +List of sources to populate environment variables in the container. The keys defined within a source may consist of any printable ASCII characters except '='. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. -- Type:: @@ -3740,7 +3922,7 @@ The contents of the target ConfigMap's Data field will represent the key-value p | `prefix` | `string` -| Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER. +| Optional text to prepend to the name of each environment variable. May consist of any printable ASCII characters except '='. | `secretRef` | `object` @@ -4875,7 +5057,7 @@ Type:: | `array` | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -4898,7 +5080,7 @@ Description:: -- Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. -- 
@@ -4936,6 +5118,78 @@ Required:: | `string` | Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. +|=== +=== .spec.ephemeralContainers[].restartPolicyRules +Description:: ++ +-- +Represents a list of rules to be checked to determine if the container should be restarted on exit. You cannot set this field on ephemeral containers. +-- + +Type:: + `array` + + + + +=== .spec.ephemeralContainers[].restartPolicyRules[] +Description:: ++ +-- +ContainerRestartRule describes how a container exit is handled. +-- + +Type:: + `object` + +Required:: + - `action` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `action` +| `string` +| Specifies the action taken on a container exit if the requirements are satisfied. The only possible value is "Restart" to restart the container. + +| `exitCodes` +| `object` +| ContainerRestartRuleOnExitCodes describes the condition for handling an exited container based on its exit codes. + +|=== +=== .spec.ephemeralContainers[].restartPolicyRules[].exitCodes +Description:: ++ +-- +ContainerRestartRuleOnExitCodes describes the condition for handling an exited container based on its exit codes. +-- + +Type:: + `object` + +Required:: + - `operator` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `operator` +| `string` +| Represents the relationship between the container exit code(s) and the specified values. Possible values are: - In: the requirement is satisfied if the container exit code is in the + set of specified values. +- NotIn: the requirement is satisfied if the container exit code is + not in the set of specified values. + +| `values` +| `array (integer)` +| Specifies the set of values to check for container exit codes. At most 255 elements are allowed. + |=== === .spec.ephemeralContainers[].securityContext Description:: 
@@ -5643,7 +5897,7 @@ Required::
 
 | `envFrom`
 | `array`
-| List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
+| List of sources to populate environment variables in the container. The keys defined within a source may consist of any printable ASCII characters except '='. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
 
 | `envFrom[]`
 | `object`
@@ -5700,7 +5954,15 @@ Possible enum values: | `restartPolicy` | `string` -| RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed. +| RestartPolicy defines the restart behavior of individual containers in a pod. This overrides the pod-level restart policy. When this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Additionally, setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. 
Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed. + +| `restartPolicyRules` +| `array` +| Represents a list of rules to be checked to determine if the container should be restarted on exit. The rules are evaluated in order. Once a rule matches a container exit condition, the remaining rules are ignored. If no rule matches the container exit condition, the Container-level restart policy determines the whether the container is restarted or not. Constraints on the rules: - At most 20 rules are allowed. - Rules can have the same action. - Identical rules are not forbidden in validations. When rules are specified, container MUST set RestartPolicy explicitly even it if matches the Pod's RestartPolicy. + +| `restartPolicyRules[]` +| `object` +| ContainerRestartRule describes how a container exit is handled. | `securityContext` | `object` @@ -5789,7 +6051,7 @@ Required:: | `name` | `string` -| Name of the environment variable. Must be a C_IDENTIFIER. +| Name of the environment variable. May consist of any printable ASCII characters except '='. | `value` | `string` @@ -5825,6 +6087,10 @@ Type:: | `object` | ObjectFieldSelector selects an APIVersioned field of an object. +| `fileKeyRef` +| `object` +| FileKeySelector selects a key of the env file. + | `resourceFieldRef` | `object` | ResourceFieldSelector represents container resources (cpu, memory) and their output format 
@@ -5893,6 +6159,46 @@ Required:: | `string` | Path of the field to select in the specified API version. +|=== +=== .spec.initContainers[].env[].valueFrom.fileKeyRef +Description:: ++ +-- +FileKeySelector selects a key of the env file. +-- + +Type:: + `object` + +Required:: + - `volumeName` + - `path` + - `key` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `key` +| `string` +| The key within the env file. An invalid key will prevent the pod from starting. The keys defined within a source may consist of any printable ASCII characters except '='. During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + +| `optional` +| `boolean` +| Specify whether the file or its key must be defined. If the file or key does not exist, then the env var is not published. If optional is set to true and the specified key does not exist, the environment variable will not be set in the Pod's containers. + +If optional is set to false and the specified key does not exist, an error will be returned during Pod creation. + +| `path` +| `string` +| The path within the volume from which to select the file. Must be relative and may not contain the '..' path or start with '..'. + +| `volumeName` +| `string` +| The name of the volume mount containing the env file. + |=== === .spec.initContainers[].env[].valueFrom.resourceFieldRef Description:: 
@@ -5962,7 +6268,7 @@ Required:: Description:: + -- -List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. +List of sources to populate environment variables in the container. The keys defined within a source may consist of any printable ASCII characters except '='. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. -- Type:: @@ -5996,7 +6302,7 @@ The contents of the target ConfigMap's Data field will represent the key-value p | `prefix` | `string` -| Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER. +| Optional text to prepend to the name of each environment variable. May consist of any printable ASCII characters except '='. | `secretRef` | `object` @@ -7131,7 +7437,7 @@ Type:: | `array` | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -7154,7 +7460,7 @@ Description:: -- Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. -- 
@@ -7192,6 +7498,78 @@ Required:: | `string` | Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. +|=== +=== .spec.initContainers[].restartPolicyRules +Description:: ++ +-- +Represents a list of rules to be checked to determine if the container should be restarted on exit. The rules are evaluated in order. Once a rule matches a container exit condition, the remaining rules are ignored. If no rule matches the container exit condition, the Container-level restart policy determines the whether the container is restarted or not. Constraints on the rules: - At most 20 rules are allowed. - Rules can have the same action. - Identical rules are not forbidden in validations. When rules are specified, container MUST set RestartPolicy explicitly even it if matches the Pod's RestartPolicy. +-- + +Type:: + `array` + + + + +=== .spec.initContainers[].restartPolicyRules[] +Description:: ++ +-- +ContainerRestartRule describes how a container exit is handled. +-- + +Type:: + `object` + +Required:: + - `action` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `action` +| `string` +| Specifies the action taken on a container exit if the requirements are satisfied. The only possible value is "Restart" to restart the container. + +| `exitCodes` +| `object` +| ContainerRestartRuleOnExitCodes describes the condition for handling an exited container based on its exit codes. + +|=== +=== .spec.initContainers[].restartPolicyRules[].exitCodes +Description:: ++ +-- +ContainerRestartRuleOnExitCodes describes the condition for handling an exited container based on its exit codes. +-- + +Type:: + `object` + +Required:: + - `operator` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `operator` +| `string` +| Represents the relationship between the container exit code(s) and the specified values. 
Possible values are: - In: the requirement is satisfied if the container exit code is in the + set of specified values. +- NotIn: the requirement is satisfied if the container exit code is + not in the set of specified values. + +| `values` +| `array (integer)` +| Specifies the set of values to check for container exit codes. At most 255 elements are allowed. + |=== === .spec.initContainers[].securityContext Description:: @@ -7914,7 +8292,7 @@ Type:: | `array` | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -7937,7 +8315,7 @@ Description:: -- Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. -- 
@@ -9265,7 +9643,7 @@ Type::
 
 | `volumeAttributesClassName`
 | `string`
-| volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
+| volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string or nil value indicates that no VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, this field can be reset to its previous value (including nil) to cancel the modification. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/
 
 | `volumeMode`
 | `string`
@@ -9596,7 +9974,7 @@ Required::
 
 | `endpoints`
 | `string`
-| endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+| endpoints is the endpoint name that details Glusterfs topology.
 
 | `path`
 | `string`
@@ -9959,6 +10337,10 @@ The contents of the target ConfigMap's Data field will be presented in a project
 | `object`
 | Represents downward API info for projecting into a projected volume. Note that this is identical to a downwardAPI volume source without the default mode.
 
+| `podCertificate`
+| `object`
+| PodCertificateProjection provides a private key and X.509 certificate in the pod filesystem.
+
 | `secret`
 | `object`
 | Adapts a secret into a projected volume.
@@ -10226,6 +10608,69 @@ Required:: | `string` | Required: resource to select +|=== +=== .spec.volumes[].projected.sources[].podCertificate +Description:: ++ +-- +PodCertificateProjection provides a private key and X.509 certificate in the pod filesystem. +-- + +Type:: + `object` + +Required:: + - `signerName` + - `keyType` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `certificateChainPath` +| `string` +| Write the certificate chain at this path in the projected volume. + +Most applications should use credentialBundlePath. When using keyPath and certificateChainPath, your application needs to check that the key and leaf certificate are consistent, because it is possible to read the files mid-rotation. + +| `credentialBundlePath` +| `string` +| Write the credential bundle at this path in the projected volume. + +The credential bundle is a single file that contains multiple PEM blocks. The first PEM block is a PRIVATE KEY block, containing a PKCS#8 private key. + +The remaining blocks are CERTIFICATE blocks, containing the issued certificate chain from the signer (leaf and any intermediates). + +Using credentialBundlePath lets your Pod's application code make a single atomic read that retrieves a consistent key and certificate chain. If you project them to separate files, your application code will need to additionally check that the leaf certificate was issued to the key. + +| `keyPath` +| `string` +| Write the key at this path in the projected volume. + +Most applications should use credentialBundlePath. When using keyPath and certificateChainPath, your application needs to check that the key and leaf certificate are consistent, because it is possible to read the files mid-rotation. + +| `keyType` +| `string` +| The type of keypair Kubelet will generate for the pod. + +Valid values are "RSA3072", "RSA4096", "ECDSAP256", "ECDSAP384", "ECDSAP521", and "ED25519". 
+ +| `maxExpirationSeconds` +| `integer` +| maxExpirationSeconds is the maximum lifetime permitted for the certificate. + +Kubelet copies this value verbatim into the PodCertificateRequests it generates for this projection. + +If omitted, kube-apiserver will set it to 86400(24 hours). kube-apiserver will reject values shorter than 3600 (1 hour). The maximum allowable value is 7862400 (91 days). + +The signer implementation is then free to issue a certificate with any lifetime *shorter* than MaxExpirationSeconds, but no shorter than 3600 seconds (1 hour). This constraint is enforced by kube-apiserver. `kubernetes.io` signers will never issue certificates with a lifetime longer than 24 hours. + +| `signerName` +| `string` +| Kubelet's generated CSRs will be addressed to this signer. + |=== === .spec.volumes[].projected.sources[].secret Description:: @@ -10768,6 +11213,10 @@ Type:: | `object` | ContainerStatus contains details for the current status of this container. +| `extendedResourceClaimStatus` +| `object` +| PodExtendedResourceClaimStatus is stored in the PodStatus for the extended resource requests backed by DRA. It stores the generated name for the corresponding special ResourceClaim created by the scheduler. + | `hostIP` | `string` | hostIP holds the IP address of the host to which the pod is assigned. Empty if the pod has not started yet. A pod can be assigned to a node that has a problem in kubelet which in turns mean that HostIP will not be updated even if there is a node is assigned to pod @@ -11334,7 +11783,7 @@ Type:: | `array` | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. 
@@ -11357,7 +11806,7 @@ Description:: -- Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. -- @@ -12042,7 +12491,7 @@ Type:: | `array` | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -12065,7 +12514,7 @@ Description:: -- Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. -- 
@@ -12334,6 +12783,86 @@ Required:: | `string` | RecursiveReadOnly must be set to Disabled, Enabled, or unspecified (for non-readonly mounts). An IfPossible value in the original VolumeMount must be translated to Disabled or Enabled, depending on the mount result. +|=== +=== .status.extendedResourceClaimStatus +Description:: ++ +-- +PodExtendedResourceClaimStatus is stored in the PodStatus for the extended resource requests backed by DRA. It stores the generated name for the corresponding special ResourceClaim created by the scheduler. +-- + +Type:: + `object` + +Required:: + - `requestMappings` + - `resourceClaimName` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `requestMappings` +| `array` +| RequestMappings identifies the mapping of to device request in the generated ResourceClaim. + +| `requestMappings[]` +| `object` +| ContainerExtendedResourceRequest has the mapping of container name, extended resource name to the device request name. + +| `resourceClaimName` +| `string` +| ResourceClaimName is the name of the ResourceClaim that was generated for the Pod in the namespace of the Pod. + +|=== +=== .status.extendedResourceClaimStatus.requestMappings +Description:: ++ +-- +RequestMappings identifies the mapping of to device request in the generated ResourceClaim. +-- + +Type:: + `array` + + + + +=== .status.extendedResourceClaimStatus.requestMappings[] +Description:: ++ +-- +ContainerExtendedResourceRequest has the mapping of container name, extended resource name to the device request name. +-- + +Type:: + `object` + +Required:: + - `containerName` + - `resourceName` + - `requestName` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `containerName` +| `string` +| The name of the container requesting resources. + +| `requestName` +| `string` +| The name of the request in the special ResourceClaim which corresponds to the extended resource. 
+ +| `resourceName` +| `string` +| The name of the extended resource in that container which gets backed by DRA. + |=== === .status.hostIPs Description:: @@ -12787,7 +13316,7 @@ Type:: | `array` | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -12810,7 +13339,7 @@ Description:: -- Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. -- diff --git a/rest_api/workloads_apis/replicationcontroller-v1.adoc b/rest_api/workloads_apis/replicationcontroller-v1.adoc index 7158d0e149..e5689bd997 100644 --- a/rest_api/workloads_apis/replicationcontroller-v1.adoc +++ b/rest_api/workloads_apis/replicationcontroller-v1.adoc @@ -187,7 +187,7 @@ To add an ephemeral container, use the ephemeralcontainers subresource of an exi | `hostNetwork` | `boolean` -| Host networking requested for this pod. Use the host's network namespace. If this option is set, the ports that will be used must be specified. Default to false. +| Host networking requested for this pod. Use the host's network namespace. When using HostNetwork you should specify ports so the scheduler is aware. When `hostNetwork` is true, specified `hostPort` fields in port definitions must match `containerPort`, and unspecified `hostPort` fields in port definitions are defaulted to match `containerPort`. Default to false. | `hostPID` | `boolean` 
@@ -201,6 +201,12 @@ To add an ephemeral container, use the ephemeralcontainers subresource of an exi | `string` | Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value. +| `hostnameOverride` +| `string` +| HostnameOverride specifies an explicit override for the pod's hostname as perceived by the pod. This field only specifies the pod's hostname and does not affect its DNS records. When this field is set to a non-empty string: - It takes precedence over the values set in `hostname` and `subdomain`. - The Pod's hostname will be set to this value. - `setHostnameAsFQDN` must be nil or set to false. - `hostNetwork` must be set to false. + +This field must be a valid DNS subdomain as defined in RFC 1123 and contain at most 64 characters. Requires the HostnameOverride feature gate to be enabled. + | `imagePullSecrets` | `array` | ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod 
@@ -978,7 +984,7 @@ Type:: | `preferredDuringSchedulingIgnoredDuringExecution` | `array` -| The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. +| The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and subtracting "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. | `preferredDuringSchedulingIgnoredDuringExecution[]` | `object` 
@@ -997,7 +1003,7 @@ Type:: Description:: + -- -The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. +The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and subtracting "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. -- Type:: 
@@ -1186,7 +1192,7 @@ Required:: | `envFrom` | `array` -| List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. +| List of sources to populate environment variables in the container. The keys defined within a source may consist of any printable ASCII characters except '='. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. | `envFrom[]` | `object` 
@@ -1243,7 +1249,15 @@ Possible enum values: | `restartPolicy` | `string` -| RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed. +| RestartPolicy defines the restart behavior of individual containers in a pod. This overrides the pod-level restart policy. When this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Additionally, setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. 
Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed. + +| `restartPolicyRules` +| `array` +| Represents a list of rules to be checked to determine if the container should be restarted on exit. The rules are evaluated in order. Once a rule matches a container exit condition, the remaining rules are ignored. If no rule matches the container exit condition, the Container-level restart policy determines the whether the container is restarted or not. Constraints on the rules: - At most 20 rules are allowed. - Rules can have the same action. - Identical rules are not forbidden in validations. When rules are specified, container MUST set RestartPolicy explicitly even it if matches the Pod's RestartPolicy. + +| `restartPolicyRules[]` +| `object` +| ContainerRestartRule describes how a container exit is handled. | `securityContext` | `object` @@ -1332,7 +1346,7 @@ Required:: | `name` | `string` -| Name of the environment variable. Must be a C_IDENTIFIER. +| Name of the environment variable. May consist of any printable ASCII characters except '='. | `value` | `string` @@ -1368,6 +1382,10 @@ Type:: | `object` | ObjectFieldSelector selects an APIVersioned field of an object. +| `fileKeyRef` +| `object` +| FileKeySelector selects a key of the env file. + | `resourceFieldRef` | `object` | ResourceFieldSelector represents container resources (cpu, memory) and their output format 
@@ -1436,6 +1454,46 @@ Required:: | `string` | Path of the field to select in the specified API version. +|=== +=== .spec.template.spec.containers[].env[].valueFrom.fileKeyRef +Description:: ++ +-- +FileKeySelector selects a key of the env file. +-- + +Type:: + `object` + +Required:: + - `volumeName` + - `path` + - `key` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `key` +| `string` +| The key within the env file. An invalid key will prevent the pod from starting. The keys defined within a source may consist of any printable ASCII characters except '='. During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + +| `optional` +| `boolean` +| Specify whether the file or its key must be defined. If the file or key does not exist, then the env var is not published. If optional is set to true and the specified key does not exist, the environment variable will not be set in the Pod's containers. + +If optional is set to false and the specified key does not exist, an error will be returned during Pod creation. + +| `path` +| `string` +| The path within the volume from which to select the file. Must be relative and may not contain the '..' path or start with '..'. + +| `volumeName` +| `string` +| The name of the volume mount containing the env file. + |=== === .spec.template.spec.containers[].env[].valueFrom.resourceFieldRef Description:: 
@@ -1505,7 +1563,7 @@ Required:: Description:: + -- -List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. +List of sources to populate environment variables in the container. The keys defined within a source may consist of any printable ASCII characters except '='. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. -- Type:: @@ -1539,7 +1597,7 @@ The contents of the target ConfigMap's Data field will represent the key-value p | `prefix` | `string` -| Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER. +| Optional text to prepend to the name of each environment variable. May consist of any printable ASCII characters except '='. | `secretRef` | `object` @@ -2674,7 +2732,7 @@ Type:: | `array` | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -2697,7 +2755,7 @@ Description:: -- Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. -- 
@@ -2735,6 +2793,78 @@ Required:: | `string` | Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. +|=== +=== .spec.template.spec.containers[].restartPolicyRules +Description:: ++ +-- +Represents a list of rules to be checked to determine if the container should be restarted on exit. The rules are evaluated in order. Once a rule matches a container exit condition, the remaining rules are ignored. If no rule matches the container exit condition, the Container-level restart policy determines the whether the container is restarted or not. Constraints on the rules: - At most 20 rules are allowed. - Rules can have the same action. - Identical rules are not forbidden in validations. When rules are specified, container MUST set RestartPolicy explicitly even it if matches the Pod's RestartPolicy. +-- + +Type:: + `array` + + + + +=== .spec.template.spec.containers[].restartPolicyRules[] +Description:: ++ +-- +ContainerRestartRule describes how a container exit is handled. +-- + +Type:: + `object` + +Required:: + - `action` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `action` +| `string` +| Specifies the action taken on a container exit if the requirements are satisfied. The only possible value is "Restart" to restart the container. + +| `exitCodes` +| `object` +| ContainerRestartRuleOnExitCodes describes the condition for handling an exited container based on its exit codes. + +|=== +=== .spec.template.spec.containers[].restartPolicyRules[].exitCodes +Description:: ++ +-- +ContainerRestartRuleOnExitCodes describes the condition for handling an exited container based on its exit codes. 
+-- + +Type:: + `object` + +Required:: + - `operator` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `operator` +| `string` +| Represents the relationship between the container exit code(s) and the specified values. Possible values are: - In: the requirement is satisfied if the container exit code is in the + set of specified values. +- NotIn: the requirement is satisfied if the container exit code is + not in the set of specified values. + +| `values` +| `array (integer)` +| Specifies the set of values to check for container exit codes. At most 255 elements are allowed. + |=== === .spec.template.spec.containers[].securityContext Description:: @@ -3441,7 +3571,7 @@ Required:: | `envFrom` | `array` -| List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. +| List of sources to populate environment variables in the container. The keys defined within a source may consist of any printable ASCII characters except '='. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. | `envFrom[]` | `object` 
@@ -3498,7 +3628,15 @@ Possible enum values: | `restartPolicy` | `string` -| Restart policy for the container to manage the restart behavior of each container within a pod. This may only be set for init containers. You cannot set this field on ephemeral containers. +| Restart policy for the container to manage the restart behavior of each container within a pod. You cannot set this field on ephemeral containers. + +| `restartPolicyRules` +| `array` +| Represents a list of rules to be checked to determine if the container should be restarted on exit. You cannot set this field on ephemeral containers. + +| `restartPolicyRules[]` +| `object` +| ContainerRestartRule describes how a container exit is handled. | `securityContext` | `object` @@ -3593,7 +3731,7 @@ Required:: | `name` | `string` -| Name of the environment variable. Must be a C_IDENTIFIER. +| Name of the environment variable. May consist of any printable ASCII characters except '='. | `value` | `string` @@ -3629,6 +3767,10 @@ Type:: | `object` | ObjectFieldSelector selects an APIVersioned field of an object. +| `fileKeyRef` +| `object` +| FileKeySelector selects a key of the env file. + | `resourceFieldRef` | `object` | ResourceFieldSelector represents container resources (cpu, memory) and their output format 
@@ -3697,6 +3839,46 @@ Required:: | `string` | Path of the field to select in the specified API version. +|=== +=== .spec.template.spec.ephemeralContainers[].env[].valueFrom.fileKeyRef +Description:: ++ +-- +FileKeySelector selects a key of the env file. +-- + +Type:: + `object` + +Required:: + - `volumeName` + - `path` + - `key` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `key` +| `string` +| The key within the env file. An invalid key will prevent the pod from starting. The keys defined within a source may consist of any printable ASCII characters except '='. During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + +| `optional` +| `boolean` +| Specify whether the file or its key must be defined. If the file or key does not exist, then the env var is not published. If optional is set to true and the specified key does not exist, the environment variable will not be set in the Pod's containers. + +If optional is set to false and the specified key does not exist, an error will be returned during Pod creation. + +| `path` +| `string` +| The path within the volume from which to select the file. Must be relative and may not contain the '..' path or start with '..'. + +| `volumeName` +| `string` +| The name of the volume mount containing the env file. + |=== === .spec.template.spec.ephemeralContainers[].env[].valueFrom.resourceFieldRef Description:: 
@@ -3766,7 +3948,7 @@ Required:: Description:: + -- -List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. +List of sources to populate environment variables in the container. The keys defined within a source may consist of any printable ASCII characters except '='. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. -- Type:: @@ -3800,7 +3982,7 @@ The contents of the target ConfigMap's Data field will represent the key-value p | `prefix` | `string` -| Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER. +| Optional text to prepend to the name of each environment variable. May consist of any printable ASCII characters except '='. | `secretRef` | `object` @@ -4935,7 +5117,7 @@ Type:: | `array` | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -4958,7 +5140,7 @@ Description:: -- Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. -- 
@@ -4996,6 +5178,78 @@ Required:: | `string` | Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. +|=== +=== .spec.template.spec.ephemeralContainers[].restartPolicyRules +Description:: ++ +-- +Represents a list of rules to be checked to determine if the container should be restarted on exit. You cannot set this field on ephemeral containers. +-- + +Type:: + `array` + + + + +=== .spec.template.spec.ephemeralContainers[].restartPolicyRules[] +Description:: ++ +-- +ContainerRestartRule describes how a container exit is handled. +-- + +Type:: + `object` + +Required:: + - `action` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `action` +| `string` +| Specifies the action taken on a container exit if the requirements are satisfied. The only possible value is "Restart" to restart the container. + +| `exitCodes` +| `object` +| ContainerRestartRuleOnExitCodes describes the condition for handling an exited container based on its exit codes. + +|=== +=== .spec.template.spec.ephemeralContainers[].restartPolicyRules[].exitCodes +Description:: ++ +-- +ContainerRestartRuleOnExitCodes describes the condition for handling an exited container based on its exit codes. +-- + +Type:: + `object` + +Required:: + - `operator` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `operator` +| `string` +| Represents the relationship between the container exit code(s) and the specified values. Possible values are: - In: the requirement is satisfied if the container exit code is in the + set of specified values. +- NotIn: the requirement is satisfied if the container exit code is + not in the set of specified values. + +| `values` +| `array (integer)` +| Specifies the set of values to check for container exit codes. At most 255 elements are allowed. 
+ |=== === .spec.template.spec.ephemeralContainers[].securityContext Description:: @@ -5703,7 +5957,7 @@ Required:: | `envFrom` | `array` -| List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. +| List of sources to populate environment variables in the container. The keys defined within a source may consist of any printable ASCII characters except '='. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. | `envFrom[]` | `object` 
@@ -5760,7 +6014,15 @@ Possible enum values: | `restartPolicy` | `string` -| RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed. +| RestartPolicy defines the restart behavior of individual containers in a pod. This overrides the pod-level restart policy. When this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Additionally, setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. 
Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed. + +| `restartPolicyRules` +| `array` +| Represents a list of rules to be checked to determine if the container should be restarted on exit. The rules are evaluated in order. Once a rule matches a container exit condition, the remaining rules are ignored. If no rule matches the container exit condition, the Container-level restart policy determines the whether the container is restarted or not. Constraints on the rules: - At most 20 rules are allowed. - Rules can have the same action. - Identical rules are not forbidden in validations. When rules are specified, container MUST set RestartPolicy explicitly even it if matches the Pod's RestartPolicy. + +| `restartPolicyRules[]` +| `object` +| ContainerRestartRule describes how a container exit is handled. | `securityContext` | `object` @@ -5849,7 +6111,7 @@ Required:: | `name` | `string` -| Name of the environment variable. Must be a C_IDENTIFIER. +| Name of the environment variable. May consist of any printable ASCII characters except '='. | `value` | `string` @@ -5885,6 +6147,10 @@ Type:: | `object` | ObjectFieldSelector selects an APIVersioned field of an object. +| `fileKeyRef` +| `object` +| FileKeySelector selects a key of the env file. + | `resourceFieldRef` | `object` | ResourceFieldSelector represents container resources (cpu, memory) and their output format 
@@ -5953,6 +6219,46 @@ Required:: | `string` | Path of the field to select in the specified API version. +|=== +=== .spec.template.spec.initContainers[].env[].valueFrom.fileKeyRef +Description:: ++ +-- +FileKeySelector selects a key of the env file. +-- + +Type:: + `object` + +Required:: + - `volumeName` + - `path` + - `key` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `key` +| `string` +| The key within the env file. An invalid key will prevent the pod from starting. The keys defined within a source may consist of any printable ASCII characters except '='. During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + +| `optional` +| `boolean` +| Specify whether the file or its key must be defined. If the file or key does not exist, then the env var is not published. If optional is set to true and the specified key does not exist, the environment variable will not be set in the Pod's containers. + +If optional is set to false and the specified key does not exist, an error will be returned during Pod creation. + +| `path` +| `string` +| The path within the volume from which to select the file. Must be relative and may not contain the '..' path or start with '..'. + +| `volumeName` +| `string` +| The name of the volume mount containing the env file. + |=== === .spec.template.spec.initContainers[].env[].valueFrom.resourceFieldRef Description:: 
@@ -6022,7 +6328,7 @@ Required:: Description:: + -- -List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. +List of sources to populate environment variables in the container. The keys defined within a source may consist of any printable ASCII characters except '='. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. -- Type:: @@ -6056,7 +6362,7 @@ The contents of the target ConfigMap's Data field will represent the key-value p | `prefix` | `string` -| Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER. +| Optional text to prepend to the name of each environment variable. May consist of any printable ASCII characters except '='. | `secretRef` | `object` @@ -7191,7 +7497,7 @@ Type:: | `array` | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -7214,7 +7520,7 @@ Description:: -- Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. -- 
@@ -7252,6 +7558,78 @@ Required:: | `string` | Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. +|=== +=== .spec.template.spec.initContainers[].restartPolicyRules +Description:: ++ +-- +Represents a list of rules to be checked to determine if the container should be restarted on exit. The rules are evaluated in order. Once a rule matches a container exit condition, the remaining rules are ignored. If no rule matches the container exit condition, the Container-level restart policy determines the whether the container is restarted or not. Constraints on the rules: - At most 20 rules are allowed. - Rules can have the same action. - Identical rules are not forbidden in validations. When rules are specified, container MUST set RestartPolicy explicitly even it if matches the Pod's RestartPolicy. +-- + +Type:: + `array` + + + + +=== .spec.template.spec.initContainers[].restartPolicyRules[] +Description:: ++ +-- +ContainerRestartRule describes how a container exit is handled. +-- + +Type:: + `object` + +Required:: + - `action` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `action` +| `string` +| Specifies the action taken on a container exit if the requirements are satisfied. The only possible value is "Restart" to restart the container. + +| `exitCodes` +| `object` +| ContainerRestartRuleOnExitCodes describes the condition for handling an exited container based on its exit codes. + +|=== +=== .spec.template.spec.initContainers[].restartPolicyRules[].exitCodes +Description:: ++ +-- +ContainerRestartRuleOnExitCodes describes the condition for handling an exited container based on its exit codes. 
+-- + +Type:: + `object` + +Required:: + - `operator` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `operator` +| `string` +| Represents the relationship between the container exit code(s) and the specified values. Possible values are: - In: the requirement is satisfied if the container exit code is in the + set of specified values. +- NotIn: the requirement is satisfied if the container exit code is + not in the set of specified values. + +| `values` +| `array (integer)` +| Specifies the set of values to check for container exit codes. At most 255 elements are allowed. + |=== === .spec.template.spec.initContainers[].securityContext Description:: @@ -7974,7 +8352,7 @@ Type:: | `array` | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -7997,7 +8375,7 @@ Description:: -- Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. -This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. +This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. -- 
@@ -9325,7 +9703,7 @@ Type:: | `volumeAttributesClassName` | `string` -| volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). +| volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string or nil value indicates that no VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, this field can be reset to its previous value (including nil) to cancel the modification. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ | `volumeMode` | `string` 
@@ -9656,7 +10034,7 @@ Required:: | `endpoints` | `string` -| endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod +| endpoints is the endpoint name that details Glusterfs topology. | `path` | `string` @@ -10019,6 +10397,10 @@ The contents of the target ConfigMap's Data field will be presented in a project | `object` | Represents downward API info for projecting into a projected volume. Note that this is identical to a downwardAPI volume source without the default mode. +| `podCertificate` +| `object` +| PodCertificateProjection provides a private key and X.509 certificate in the pod filesystem. + | `secret` | `object` | Adapts a secret into a projected volume. 
@@ -10286,6 +10668,69 @@ Required:: | `string` | Required: resource to select +|=== +=== .spec.template.spec.volumes[].projected.sources[].podCertificate +Description:: ++ +-- +PodCertificateProjection provides a private key and X.509 certificate in the pod filesystem. +-- + +Type:: + `object` + +Required:: + - `signerName` + - `keyType` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `certificateChainPath` +| `string` +| Write the certificate chain at this path in the projected volume. + +Most applications should use credentialBundlePath. When using keyPath and certificateChainPath, your application needs to check that the key and leaf certificate are consistent, because it is possible to read the files mid-rotation. + +| `credentialBundlePath` +| `string` +| Write the credential bundle at this path in the projected volume. + +The credential bundle is a single file that contains multiple PEM blocks. The first PEM block is a PRIVATE KEY block, containing a PKCS#8 private key. + +The remaining blocks are CERTIFICATE blocks, containing the issued certificate chain from the signer (leaf and any intermediates). + +Using credentialBundlePath lets your Pod's application code make a single atomic read that retrieves a consistent key and certificate chain. If you project them to separate files, your application code will need to additionally check that the leaf certificate was issued to the key. + +| `keyPath` +| `string` +| Write the key at this path in the projected volume. + +Most applications should use credentialBundlePath. When using keyPath and certificateChainPath, your application needs to check that the key and leaf certificate are consistent, because it is possible to read the files mid-rotation. + +| `keyType` +| `string` +| The type of keypair Kubelet will generate for the pod. + +Valid values are "RSA3072", "RSA4096", "ECDSAP256", "ECDSAP384", "ECDSAP521", and "ED25519". 
+ +| `maxExpirationSeconds` +| `integer` +| maxExpirationSeconds is the maximum lifetime permitted for the certificate. + +Kubelet copies this value verbatim into the PodCertificateRequests it generates for this projection. + +If omitted, kube-apiserver will set it to 86400(24 hours). kube-apiserver will reject values shorter than 3600 (1 hour). The maximum allowable value is 7862400 (91 days). + +The signer implementation is then free to issue a certificate with any lifetime *shorter* than MaxExpirationSeconds, but no shorter than 3600 seconds (1 hour). This constraint is enforced by kube-apiserver. `kubernetes.io` signers will never issue certificates with a lifetime longer than 24 hours. + +| `signerName` +| `string` +| Kubelet's generated CSRs will be addressed to this signer. + |=== === .spec.template.spec.volumes[].projected.sources[].secret Description::