diff --git a/jsonnet/kube-prometheus/versions.json b/jsonnet/kube-prometheus/versions.json
index 09f9481c021746a4bacb1c253fea389170a3b6ad..5eca32a2861265cdfe337d2d74e43c1864e0b9eb 100644
--- a/jsonnet/kube-prometheus/versions.json
+++ b/jsonnet/kube-prometheus/versions.json
@@ -1,13 +1,13 @@
{
"alertmanager": "0.27.0",
"blackboxExporter": "0.25.0",
- "grafana": "11.1.4",
+ "grafana": "11.2.0",
"kubeStateMetrics": "2.13.0",
"nodeExporter": "1.8.2",
- "prometheus": "2.54.0",
+ "prometheus": "2.54.1",
"prometheusAdapter": "0.12.0",
"prometheusOperator": "0.76.0",
- "kubeRbacProxy": "0.18.0",
+ "kubeRbacProxy": "0.18.1",
"configmapReload": "0.13.1",
"pyrra": "0.6.4"
}
diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json
index b46798e78b92f784c88c6f357c375156238b8b0c..b8c3b8aa8c9c4e416077f29d1dc9cfe6dcc91d0e 100644
--- a/jsonnetfile.lock.json
+++ b/jsonnetfile.lock.json
@@ -18,7 +18,7 @@
"subdir": "contrib/mixin"
}
},
- "version": "4d42c0f86ac2762253a804fc5d9e6a25b80ef21b",
+ "version": "4bb9392289623e8bf05916281bd696fbbe42fd4d",
"sum": "IXI3LQIT9NmTPJAk8WLUJd5+qZfcGpeNCyWIK7oEpws="
},
{
@@ -88,8 +88,8 @@
"subdir": "grafana-builder"
}
},
- "version": "02db06f540086fa3f67d487bd01e1b314853fb8f",
- "sum": "B49EzIY2WZsFxNMJcgRxE/gcZ9ltnS8pkOOV6Q5qioc="
+ "version": "1132fd721e4e97fbeeba24aeb0b45e9844c00e09",
+ "sum": "yxqWcq/N3E/a/XreeU6EuE6X7kYPnG0AspAQFKOjASo="
},
{
"source": {
@@ -98,7 +98,7 @@
"subdir": "mixin-utils"
}
},
- "version": "d2347d0bdf86e922758bbd6cd0f9fa0bf1421de8",
+ "version": "1132fd721e4e97fbeeba24aeb0b45e9844c00e09",
"sum": "LoYq5QxJmUXEtqkEG8CFUBLBhhzDDaNANHc7Gz36ZdM="
},
{
@@ -138,7 +138,7 @@
"subdir": "jsonnet/kube-state-metrics"
}
},
- "version": "8e4a2ec7c98cab061cd20a126ecf77584cad9dcd",
+ "version": "e6f359db36ab62b0238aff20bf568ad69f998a87",
"sum": "lO7jUSzAIy8Yk9pOWJIWgPRhubkWzVh56W6wtYfbVH4="
},
{
@@ -148,7 +148,7 @@
"subdir": "jsonnet/kube-state-metrics-mixin"
}
},
- "version": "8e4a2ec7c98cab061cd20a126ecf77584cad9dcd",
+ "version": "e6f359db36ab62b0238aff20bf568ad69f998a87",
"sum": "qclI7LwucTjBef3PkGBkKxF0mfZPbHnn4rlNWKGtR4c="
},
{
@@ -158,7 +158,7 @@
"subdir": "jsonnet/mixin"
}
},
- "version": "acc6cd28db60bbe9cfb5a788d8f93174801aedb3",
+ "version": "e7dd06566f3372d51144bffd51975806bcc14a7e",
"sum": "gi+knjdxs2T715iIQIntrimbHRgHnpM8IFBJDD1gYfs=",
"name": "prometheus-operator-mixin"
},
@@ -169,8 +169,8 @@
"subdir": "jsonnet/prometheus-operator"
}
},
- "version": "acc6cd28db60bbe9cfb5a788d8f93174801aedb3",
- "sum": "NT0LycutPEiTt2/LGCSB3NwVfHMgOOZN+AK5i/b1MoM="
+ "version": "e7dd06566f3372d51144bffd51975806bcc14a7e",
+ "sum": "Sc4Iv+TmicXlurzRDJXlr3K1Z044VeKdzXTQ3hwEPi4="
},
{
"source": {
@@ -179,7 +179,7 @@
"subdir": "doc/alertmanager-mixin"
}
},
- "version": "c7097ad76c07c7fc325292718115e3de9d0a125f",
+ "version": "9c711fc6d1d7613569f39bb86c41a64f1f7d254a",
"sum": "IpF46ZXsm+0wJJAPtAre8+yxTNZA57mBqGpBP/r7/kw=",
"name": "alertmanager"
},
@@ -200,7 +200,7 @@
"subdir": "documentation/prometheus-mixin"
}
},
- "version": "d4994e5bc44490441a6a6ac05331cc6fbabae0f5",
+ "version": "a35b15cea8355c4e5c76440debfaeebb1eb6ef66",
"sum": "dYLcLzGH4yF3qB7OGC/7z4nqeTNjv42L7Q3BENU8XJI=",
"name": "prometheus"
},
@@ -222,7 +222,7 @@
"subdir": "mixin"
}
},
- "version": "d96661353dfa6c01bea4214354629760bbb8c4a3",
+ "version": "3270568f6b23fb81a58695d64fbc5c5716dcc449",
"sum": "ieCD4eMgGbOlrI8GmckGPHBGQDcLasE1rULYq56W/bs=",
"name": "thanos-mixin"
},
diff --git a/manifests/blackboxExporter-deployment.yaml b/manifests/blackboxExporter-deployment.yaml
index 312a18e04580d2177f8a99d9f8b8c6f7431b0a77..07f80d9844fac1d60567a99cb2c3e206d2a5879e 100644
--- a/manifests/blackboxExporter-deployment.yaml
+++ b/manifests/blackboxExporter-deployment.yaml
@@ -86,7 +86,7 @@ spec:
- --secure-listen-address=:9115
- --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
- --upstream=http://127.0.0.1:19115/
- image: quay.io/brancz/kube-rbac-proxy:v0.18.0
+ image: quay.io/brancz/kube-rbac-proxy:v0.18.1
name: kube-rbac-proxy
ports:
- containerPort: 9115
diff --git a/manifests/grafana-config.yaml b/manifests/grafana-config.yaml
index eea2b25c3f3d15b7a5b47d4a91742be5b95b8237..88850159aacc5dd48e1bb2ad2b5f151df4a2b12a 100644
--- a/manifests/grafana-config.yaml
+++ b/manifests/grafana-config.yaml
@@ -5,7 +5,7 @@ metadata:
app.kubernetes.io/component: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 11.1.4
+ app.kubernetes.io/version: 11.2.0
name: grafana-config
namespace: monitoring
stringData:
diff --git a/manifests/grafana-dashboardDatasources.yaml b/manifests/grafana-dashboardDatasources.yaml
index ac925feb2b8bde98c57636c5bb2fc4759ac09293..c7cac4f6013e703d25dc997911598af864ba80e7 100644
--- a/manifests/grafana-dashboardDatasources.yaml
+++ b/manifests/grafana-dashboardDatasources.yaml
@@ -5,7 +5,7 @@ metadata:
app.kubernetes.io/component: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 11.1.4
+ app.kubernetes.io/version: 11.2.0
name: grafana-datasources
namespace: monitoring
stringData:
diff --git a/manifests/grafana-dashboardDefinitions.yaml b/manifests/grafana-dashboardDefinitions.yaml
index 6ef07fd9cdb9f28d9fcdfa0fc51165226063e1f0..1a927f377bf9758dfce56968a2f1342c5ca08c04 100644
--- a/manifests/grafana-dashboardDefinitions.yaml
+++ b/manifests/grafana-dashboardDefinitions.yaml
@@ -600,7 +600,7 @@ items:
app.kubernetes.io/component: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 11.1.4
+ app.kubernetes.io/version: 11.2.0
name: grafana-dashboard-alertmanager-overview
namespace: monitoring
- apiVersion: v1
@@ -1469,7 +1469,7 @@ items:
app.kubernetes.io/component: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 11.1.4
+ app.kubernetes.io/version: 11.2.0
name: grafana-dashboard-apiserver
namespace: monitoring
- apiVersion: v1
@@ -2270,7 +2270,7 @@ items:
app.kubernetes.io/component: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 11.1.4
+ app.kubernetes.io/version: 11.2.0
name: grafana-dashboard-cluster-total
namespace: monitoring
- apiVersion: v1
@@ -2861,7 +2861,7 @@ items:
app.kubernetes.io/component: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 11.1.4
+ app.kubernetes.io/version: 11.2.0
name: grafana-dashboard-controller-manager
namespace: monitoring
- apiVersion: v1
@@ -3486,7 +3486,7 @@ items:
app.kubernetes.io/component: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 11.1.4
+ app.kubernetes.io/version: 11.2.0
name: grafana-dashboard-grafana-overview
namespace: monitoring
- apiVersion: v1
@@ -5060,7 +5060,7 @@ items:
app.kubernetes.io/component: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 11.1.4
+ app.kubernetes.io/version: 11.2.0
name: grafana-dashboard-k8s-resources-cluster
namespace: monitoring
- apiVersion: v1
@@ -5688,7 +5688,7 @@ items:
app.kubernetes.io/component: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 11.1.4
+ app.kubernetes.io/version: 11.2.0
name: grafana-dashboard-k8s-resources-multicluster
namespace: monitoring
- apiVersion: v1
@@ -7193,7 +7193,7 @@ items:
app.kubernetes.io/component: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 11.1.4
+ app.kubernetes.io/version: 11.2.0
name: grafana-dashboard-k8s-resources-namespace
namespace: monitoring
- apiVersion: v1
@@ -7758,7 +7758,7 @@ items:
app.kubernetes.io/component: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 11.1.4
+ app.kubernetes.io/version: 11.2.0
name: grafana-dashboard-k8s-resources-node
namespace: monitoring
- apiVersion: v1
@@ -9129,7 +9129,7 @@ items:
app.kubernetes.io/component: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 11.1.4
+ app.kubernetes.io/version: 11.2.0
name: grafana-dashboard-k8s-resources-pod
namespace: monitoring
- apiVersion: v1
@@ -10182,7 +10182,7 @@ items:
app.kubernetes.io/component: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 11.1.4
+ app.kubernetes.io/version: 11.2.0
name: grafana-dashboard-k8s-resources-workload
namespace: monitoring
- apiVersion: v1
@@ -11432,7 +11432,7 @@ items:
app.kubernetes.io/component: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 11.1.4
+ app.kubernetes.io/version: 11.2.0
name: grafana-dashboard-k8s-resources-workloads-namespace
namespace: monitoring
- apiVersion: v1
@@ -12672,7 +12672,7 @@ items:
app.kubernetes.io/component: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 11.1.4
+ app.kubernetes.io/version: 11.2.0
name: grafana-dashboard-kubelet
namespace: monitoring
- apiVersion: v1
@@ -13297,7 +13297,7 @@ items:
app.kubernetes.io/component: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 11.1.4
+ app.kubernetes.io/version: 11.2.0
name: grafana-dashboard-namespace-by-pod
namespace: monitoring
- apiVersion: v1
@@ -14080,7 +14080,7 @@ items:
app.kubernetes.io/component: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 11.1.4
+ app.kubernetes.io/version: 11.2.0
name: grafana-dashboard-namespace-by-workload
namespace: monitoring
- apiVersion: v1
@@ -15133,7 +15133,7 @@ items:
app.kubernetes.io/component: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 11.1.4
+ app.kubernetes.io/version: 11.2.0
name: grafana-dashboard-node-cluster-rsrc-use
namespace: monitoring
- apiVersion: v1
@@ -16212,7 +16212,7 @@ items:
app.kubernetes.io/component: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 11.1.4
+ app.kubernetes.io/version: 11.2.0
name: grafana-dashboard-node-rsrc-use
namespace: monitoring
- apiVersion: v1
@@ -17301,7 +17301,7 @@ items:
app.kubernetes.io/component: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 11.1.4
+ app.kubernetes.io/version: 11.2.0
name: grafana-dashboard-nodes-darwin
namespace: monitoring
- apiVersion: v1
@@ -18383,7 +18383,7 @@ items:
app.kubernetes.io/component: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 11.1.4
+ app.kubernetes.io/version: 11.2.0
name: grafana-dashboard-nodes
namespace: monitoring
- apiVersion: v1
@@ -18692,7 +18692,7 @@ items:
app.kubernetes.io/component: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 11.1.4
+ app.kubernetes.io/version: 11.2.0
name: grafana-dashboard-persistentvolumesusage
namespace: monitoring
- apiVersion: v1
@@ -19171,7 +19171,7 @@ items:
app.kubernetes.io/component: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 11.1.4
+ app.kubernetes.io/version: 11.2.0
name: grafana-dashboard-pod-total
namespace: monitoring
- apiVersion: v1
@@ -20830,7 +20830,7 @@ items:
app.kubernetes.io/component: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 11.1.4
+ app.kubernetes.io/version: 11.2.0
name: grafana-dashboard-prometheus-remote-write
namespace: monitoring
- apiVersion: v1
@@ -22071,7 +22071,7 @@ items:
app.kubernetes.io/component: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 11.1.4
+ app.kubernetes.io/version: 11.2.0
name: grafana-dashboard-prometheus
namespace: monitoring
- apiVersion: v1
@@ -22713,7 +22713,7 @@ items:
app.kubernetes.io/component: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 11.1.4
+ app.kubernetes.io/version: 11.2.0
name: grafana-dashboard-proxy
namespace: monitoring
- apiVersion: v1
@@ -23301,7 +23301,7 @@ items:
app.kubernetes.io/component: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 11.1.4
+ app.kubernetes.io/version: 11.2.0
name: grafana-dashboard-scheduler
namespace: monitoring
- apiVersion: v1
@@ -23870,7 +23870,7 @@ items:
app.kubernetes.io/component: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 11.1.4
+ app.kubernetes.io/version: 11.2.0
name: grafana-dashboard-workload-total
namespace: monitoring
kind: ConfigMapList
diff --git a/manifests/grafana-dashboardSources.yaml b/manifests/grafana-dashboardSources.yaml
index ae7aec863cdd4fc3edabfffc27b46a424a9a04df..b8ebfe2c4b58530f512fd2772b0368cc74a62dc2 100644
--- a/manifests/grafana-dashboardSources.yaml
+++ b/manifests/grafana-dashboardSources.yaml
@@ -22,6 +22,6 @@ metadata:
app.kubernetes.io/component: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 11.1.4
+ app.kubernetes.io/version: 11.2.0
name: grafana-dashboards
namespace: monitoring
diff --git a/manifests/grafana-deployment.yaml b/manifests/grafana-deployment.yaml
index 35ce22bb008d88b5618a5e77a22a4943e80379f3..123aa9daaf6764023e3e08df8ed1f42a72637db3 100644
--- a/manifests/grafana-deployment.yaml
+++ b/manifests/grafana-deployment.yaml
@@ -5,7 +5,7 @@ metadata:
app.kubernetes.io/component: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 11.1.4
+ app.kubernetes.io/version: 11.2.0
name: grafana
namespace: monitoring
spec:
@@ -18,19 +18,19 @@ spec:
template:
metadata:
annotations:
- checksum/grafana-config: f84d302a12a11da1378ef283758f6b5b
- checksum/grafana-dashboardproviders: efa159fe9baa55250e7d43df1ec80155
- checksum/grafana-datasources: 352105571f557e343e481c229d38445b
+ checksum/grafana-config: c4d088078bb55176e3910a42b41ecc08
+ checksum/grafana-dashboardproviders: b66e063b0e9d7b9e152e066f0ab965ee
+ checksum/grafana-datasources: 495c78a90b81354c8feeece92f6f5466
labels:
app.kubernetes.io/component: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 11.1.4
+ app.kubernetes.io/version: 11.2.0
spec:
automountServiceAccountToken: false
containers:
- env: []
- image: grafana/grafana:11.1.4
+ image: grafana/grafana:11.2.0
name: grafana
ports:
- containerPort: 3000
diff --git a/manifests/grafana-networkPolicy.yaml b/manifests/grafana-networkPolicy.yaml
index 15481a9852c09ebc004770b6d3d9998f38413366..5b0b60a9094c19dc9fbb87b3564321783232fc8e 100644
--- a/manifests/grafana-networkPolicy.yaml
+++ b/manifests/grafana-networkPolicy.yaml
@@ -5,7 +5,7 @@ metadata:
app.kubernetes.io/component: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 11.1.4
+ app.kubernetes.io/version: 11.2.0
name: grafana
namespace: monitoring
spec:
diff --git a/manifests/grafana-prometheusRule.yaml b/manifests/grafana-prometheusRule.yaml
index 2abdacd1585b9275896cbf3e3a54b5a0e3b01cbc..d3f7b2ae0b82eb1eb393d799c2bbaf2c9e321bc1 100644
--- a/manifests/grafana-prometheusRule.yaml
+++ b/manifests/grafana-prometheusRule.yaml
@@ -5,7 +5,7 @@ metadata:
app.kubernetes.io/component: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 11.1.4
+ app.kubernetes.io/version: 11.2.0
prometheus: k8s
role: alert-rules
name: grafana-rules
diff --git a/manifests/grafana-service.yaml b/manifests/grafana-service.yaml
index c9951ae5b84dd7a31f6360271a515af1686b1c88..f0b096dfaeb8490c46047a6ce6b8cac1e1884525 100644
--- a/manifests/grafana-service.yaml
+++ b/manifests/grafana-service.yaml
@@ -5,7 +5,7 @@ metadata:
app.kubernetes.io/component: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 11.1.4
+ app.kubernetes.io/version: 11.2.0
name: grafana
namespace: monitoring
spec:
diff --git a/manifests/grafana-serviceAccount.yaml b/manifests/grafana-serviceAccount.yaml
index d5f4ab6ba48e5671e70ec0ceb0596c432589d415..3cbd26ce94cb9f0db98d8c45cac16ddcc0ede259 100644
--- a/manifests/grafana-serviceAccount.yaml
+++ b/manifests/grafana-serviceAccount.yaml
@@ -6,6 +6,6 @@ metadata:
app.kubernetes.io/component: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 11.1.4
+ app.kubernetes.io/version: 11.2.0
name: grafana
namespace: monitoring
diff --git a/manifests/grafana-serviceMonitor.yaml b/manifests/grafana-serviceMonitor.yaml
index 26e364367756bea27166b5a71e35f93e100a1d89..ac854f3f4c7c4de80978efdf2540eab2831178e7 100644
--- a/manifests/grafana-serviceMonitor.yaml
+++ b/manifests/grafana-serviceMonitor.yaml
@@ -5,7 +5,7 @@ metadata:
app.kubernetes.io/component: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 11.1.4
+ app.kubernetes.io/version: 11.2.0
name: grafana
namespace: monitoring
spec:
diff --git a/manifests/kubeStateMetrics-deployment.yaml b/manifests/kubeStateMetrics-deployment.yaml
index 465d361c65e1749d5cca72ff5b1464d632b5ad5e..e7d14fbb9be02c6a71e21d98594ba2103663b6a5 100644
--- a/manifests/kubeStateMetrics-deployment.yaml
+++ b/manifests/kubeStateMetrics-deployment.yaml
@@ -56,7 +56,7 @@ spec:
- --secure-listen-address=:8443
- --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
- --upstream=http://127.0.0.1:8081/
- image: quay.io/brancz/kube-rbac-proxy:v0.18.0
+ image: quay.io/brancz/kube-rbac-proxy:v0.18.1
name: kube-rbac-proxy-main
ports:
- containerPort: 8443
@@ -83,7 +83,7 @@ spec:
- --secure-listen-address=:9443
- --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
- --upstream=http://127.0.0.1:8082/
- image: quay.io/brancz/kube-rbac-proxy:v0.18.0
+ image: quay.io/brancz/kube-rbac-proxy:v0.18.1
name: kube-rbac-proxy-self
ports:
- containerPort: 9443
diff --git a/manifests/nodeExporter-daemonset.yaml b/manifests/nodeExporter-daemonset.yaml
index 770a17e097c9cedf1fa6a3aeb9b5ae9bbdbf1eb2..1a91ebbbc7af2933fa33d68f96da9d607962ac25 100644
--- a/manifests/nodeExporter-daemonset.yaml
+++ b/manifests/nodeExporter-daemonset.yaml
@@ -72,7 +72,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: status.podIP
- image: quay.io/brancz/kube-rbac-proxy:v0.18.0
+ image: quay.io/brancz/kube-rbac-proxy:v0.18.1
name: kube-rbac-proxy
ports:
- containerPort: 9100
diff --git a/manifests/prometheus-clusterRole.yaml b/manifests/prometheus-clusterRole.yaml
index ea971084e7a88e2e1e6c3f4fa4f03aa2e6efe7ba..2d4589c9cfd2910485507a715ceb27993878b1cf 100644
--- a/manifests/prometheus-clusterRole.yaml
+++ b/manifests/prometheus-clusterRole.yaml
@@ -6,7 +6,7 @@ metadata:
app.kubernetes.io/instance: k8s
app.kubernetes.io/name: prometheus
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 2.54.0
+ app.kubernetes.io/version: 2.54.1
name: prometheus-k8s
rules:
- apiGroups:
diff --git a/manifests/prometheus-clusterRoleBinding.yaml b/manifests/prometheus-clusterRoleBinding.yaml
index c8c231478d3b719f992e74b8927be3638ceb687c..124472f37cc6ba3136ab480f2c59fee9010b93fe 100644
--- a/manifests/prometheus-clusterRoleBinding.yaml
+++ b/manifests/prometheus-clusterRoleBinding.yaml
@@ -6,7 +6,7 @@ metadata:
app.kubernetes.io/instance: k8s
app.kubernetes.io/name: prometheus
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 2.54.0
+ app.kubernetes.io/version: 2.54.1
name: prometheus-k8s
roleRef:
apiGroup: rbac.authorization.k8s.io
diff --git a/manifests/prometheus-networkPolicy.yaml b/manifests/prometheus-networkPolicy.yaml
index e8daeff51ff9f5590429f59f4d6b6f27f928ee43..732a1d71f862ba01e50bc2d5d043d300d9cced7e 100644
--- a/manifests/prometheus-networkPolicy.yaml
+++ b/manifests/prometheus-networkPolicy.yaml
@@ -6,7 +6,7 @@ metadata:
app.kubernetes.io/instance: k8s
app.kubernetes.io/name: prometheus
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 2.54.0
+ app.kubernetes.io/version: 2.54.1
name: prometheus-k8s
namespace: monitoring
spec:
diff --git a/manifests/prometheus-podDisruptionBudget.yaml b/manifests/prometheus-podDisruptionBudget.yaml
index a16f811def8fed27a71320a425a784729b7de923..1996dbf8d9f3bbe47ca73e258865b5b71b3aa6b9 100644
--- a/manifests/prometheus-podDisruptionBudget.yaml
+++ b/manifests/prometheus-podDisruptionBudget.yaml
@@ -6,7 +6,7 @@ metadata:
app.kubernetes.io/instance: k8s
app.kubernetes.io/name: prometheus
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 2.54.0
+ app.kubernetes.io/version: 2.54.1
name: prometheus-k8s
namespace: monitoring
spec:
diff --git a/manifests/prometheus-prometheus.yaml b/manifests/prometheus-prometheus.yaml
index 8a3201607612188caf6070c1868931963ddd7768..bc8787959dbd30461238e750fb474fbd751321c4 100644
--- a/manifests/prometheus-prometheus.yaml
+++ b/manifests/prometheus-prometheus.yaml
@@ -6,7 +6,7 @@ metadata:
app.kubernetes.io/instance: k8s
app.kubernetes.io/name: prometheus
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 2.54.0
+ app.kubernetes.io/version: 2.54.1
name: k8s
namespace: monitoring
spec:
@@ -18,7 +18,7 @@ spec:
port: web
enableFeatures: []
externalLabels: {}
- image: quay.io/prometheus/prometheus:v2.54.0
+ image: quay.io/prometheus/prometheus:v2.54.1
nodeSelector:
kubernetes.io/os: linux
podMetadata:
@@ -27,7 +27,7 @@ spec:
app.kubernetes.io/instance: k8s
app.kubernetes.io/name: prometheus
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 2.54.0
+ app.kubernetes.io/version: 2.54.1
podMonitorNamespaceSelector: {}
podMonitorSelector: {}
probeNamespaceSelector: {}
@@ -47,4 +47,4 @@ spec:
serviceAccountName: prometheus-k8s
serviceMonitorNamespaceSelector: {}
serviceMonitorSelector: {}
- version: 2.54.0
+ version: 2.54.1
diff --git a/manifests/prometheus-prometheusRule.yaml b/manifests/prometheus-prometheusRule.yaml
index 5bbde94431ce8e997a48453f69b6b8a39750bf97..2c9f51c9585856ab9b947eecab6250a5d0eb0777 100644
--- a/manifests/prometheus-prometheusRule.yaml
+++ b/manifests/prometheus-prometheusRule.yaml
@@ -6,7 +6,7 @@ metadata:
app.kubernetes.io/instance: k8s
app.kubernetes.io/name: prometheus
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 2.54.0
+ app.kubernetes.io/version: 2.54.1
prometheus: k8s
role: alert-rules
name: prometheus-k8s-prometheus-rules
diff --git a/manifests/prometheus-roleBindingConfig.yaml b/manifests/prometheus-roleBindingConfig.yaml
index de7096d3efe3cee43678d476f429a7e84ec69b59..7e92b83620b2e7d520d9a5b67ddc7bcf51bad429 100644
--- a/manifests/prometheus-roleBindingConfig.yaml
+++ b/manifests/prometheus-roleBindingConfig.yaml
@@ -6,7 +6,7 @@ metadata:
app.kubernetes.io/instance: k8s
app.kubernetes.io/name: prometheus
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 2.54.0
+ app.kubernetes.io/version: 2.54.1
name: prometheus-k8s-config
namespace: monitoring
roleRef:
diff --git a/manifests/prometheus-roleBindingSpecificNamespaces.yaml b/manifests/prometheus-roleBindingSpecificNamespaces.yaml
index fa285dc2f04f68d52160c6ff23931fad952480e6..942775a0b099e3e8007f932b56323cd494e38c85 100644
--- a/manifests/prometheus-roleBindingSpecificNamespaces.yaml
+++ b/manifests/prometheus-roleBindingSpecificNamespaces.yaml
@@ -8,7 +8,7 @@ items:
app.kubernetes.io/instance: k8s
app.kubernetes.io/name: prometheus
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 2.54.0
+ app.kubernetes.io/version: 2.54.1
name: prometheus-k8s
namespace: default
roleRef:
@@ -27,7 +27,7 @@ items:
app.kubernetes.io/instance: k8s
app.kubernetes.io/name: prometheus
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 2.54.0
+ app.kubernetes.io/version: 2.54.1
name: prometheus-k8s
namespace: kube-system
roleRef:
@@ -46,7 +46,7 @@ items:
app.kubernetes.io/instance: k8s
app.kubernetes.io/name: prometheus
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 2.54.0
+ app.kubernetes.io/version: 2.54.1
name: prometheus-k8s
namespace: monitoring
roleRef:
diff --git a/manifests/prometheus-roleConfig.yaml b/manifests/prometheus-roleConfig.yaml
index 3fbc39e06fc30f738745aab7d6253e3c9b246458..c4c365ee22f52ae6a920e615222acdb004115cfc 100644
--- a/manifests/prometheus-roleConfig.yaml
+++ b/manifests/prometheus-roleConfig.yaml
@@ -6,7 +6,7 @@ metadata:
app.kubernetes.io/instance: k8s
app.kubernetes.io/name: prometheus
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 2.54.0
+ app.kubernetes.io/version: 2.54.1
name: prometheus-k8s-config
namespace: monitoring
rules:
diff --git a/manifests/prometheus-roleSpecificNamespaces.yaml b/manifests/prometheus-roleSpecificNamespaces.yaml
index 3955ddd75e164aef037a07352cc4971140043ec6..b72a0b41b1c647b8bedff86b67016a9a37d31777 100644
--- a/manifests/prometheus-roleSpecificNamespaces.yaml
+++ b/manifests/prometheus-roleSpecificNamespaces.yaml
@@ -8,7 +8,7 @@ items:
app.kubernetes.io/instance: k8s
app.kubernetes.io/name: prometheus
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 2.54.0
+ app.kubernetes.io/version: 2.54.1
name: prometheus-k8s
namespace: default
rules:
@@ -46,7 +46,7 @@ items:
app.kubernetes.io/instance: k8s
app.kubernetes.io/name: prometheus
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 2.54.0
+ app.kubernetes.io/version: 2.54.1
name: prometheus-k8s
namespace: kube-system
rules:
@@ -84,7 +84,7 @@ items:
app.kubernetes.io/instance: k8s
app.kubernetes.io/name: prometheus
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 2.54.0
+ app.kubernetes.io/version: 2.54.1
name: prometheus-k8s
namespace: monitoring
rules:
diff --git a/manifests/prometheus-service.yaml b/manifests/prometheus-service.yaml
index 5317d3d1293a1f16690573208aa3412640566320..7072839a919abbb8ecbd6d6aec95511cbeeb55ab 100644
--- a/manifests/prometheus-service.yaml
+++ b/manifests/prometheus-service.yaml
@@ -6,7 +6,7 @@ metadata:
app.kubernetes.io/instance: k8s
app.kubernetes.io/name: prometheus
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 2.54.0
+ app.kubernetes.io/version: 2.54.1
name: prometheus-k8s
namespace: monitoring
spec:
diff --git a/manifests/prometheus-serviceAccount.yaml b/manifests/prometheus-serviceAccount.yaml
index 26eec919ee04a30be1c7ba91324e693f63fe0b9c..fcf6a56a2f0389c9569a97c50b20f5ce72451cc3 100644
--- a/manifests/prometheus-serviceAccount.yaml
+++ b/manifests/prometheus-serviceAccount.yaml
@@ -7,6 +7,6 @@ metadata:
app.kubernetes.io/instance: k8s
app.kubernetes.io/name: prometheus
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 2.54.0
+ app.kubernetes.io/version: 2.54.1
name: prometheus-k8s
namespace: monitoring
diff --git a/manifests/prometheus-serviceMonitor.yaml b/manifests/prometheus-serviceMonitor.yaml
index f0b93b32ebd9c3df246ea18ed1481a3c65ae52cc..c555c807ce5b28fe88cd6caaa5c0757e682c030a 100644
--- a/manifests/prometheus-serviceMonitor.yaml
+++ b/manifests/prometheus-serviceMonitor.yaml
@@ -6,7 +6,7 @@ metadata:
app.kubernetes.io/instance: k8s
app.kubernetes.io/name: prometheus
app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 2.54.0
+ app.kubernetes.io/version: 2.54.1
name: prometheus-k8s
namespace: monitoring
spec:
diff --git a/manifests/prometheusOperator-deployment.yaml b/manifests/prometheusOperator-deployment.yaml
index 1ecc22e006eb9d1672f510a03bd79a450cfa2807..b1c649744aa196f756f93d11ca10868ae1128547 100644
--- a/manifests/prometheusOperator-deployment.yaml
+++ b/manifests/prometheusOperator-deployment.yaml
@@ -55,7 +55,7 @@ spec:
- --secure-listen-address=:8443
- --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
- --upstream=http://127.0.0.1:8080/
- image: quay.io/brancz/kube-rbac-proxy:v0.18.0
+ image: quay.io/brancz/kube-rbac-proxy:v0.18.1
name: kube-rbac-proxy
ports:
- containerPort: 8443
diff --git a/manifests/setup/0scrapeconfigCustomResourceDefinition.yaml b/manifests/setup/0scrapeconfigCustomResourceDefinition.yaml
index 7c38d65fd5869223330843f7b6d3ed8e86b9003b..10b36d4ae957fe839f7b089506d80b490ed9d086 100644
--- a/manifests/setup/0scrapeconfigCustomResourceDefinition.yaml
+++ b/manifests/setup/0scrapeconfigCustomResourceDefinition.yaml
@@ -45,20 +45,175 @@ spec:
spec:
description: ScrapeConfigSpec is a specification of the desired configuration for a scrape configuration.
properties:
- NomadSDConfigs:
- description: NomadSDConfigs defines a list of Nomad service discovery configurations.
+ authorization:
+ description: Authorization header to use on every scrape request.
+ properties:
+ credentials:
+ description: Selects a key of a Secret in the namespace that contains the credentials for authentication.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a valid secret key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type:
+ description: |-
+ Defines the authentication type. The value is case-insensitive.
+
+ "Basic" is not a supported value.
+
+ Default: "Bearer"
+ type: string
+ type: object
+ azureSDConfigs:
+ description: AzureSDConfigs defines a list of Azure service discovery configurations.
items:
description: |-
- NomadSDConfig configurations allow retrieving scrape targets from Nomad's Service API.
- See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#nomad_sd_config
+ AzureSDConfig allow retrieving scrape targets from Azure VMs.
+ See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#azure_sd_config
+ properties:
+ authenticationMethod:
+ description: |-
+ # The authentication method, either `OAuth` or `ManagedIdentity` or `SDK`.
+ See https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview
+ SDK authentication method uses environment variables by default.
+ See https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication
+ enum:
+ - OAuth
+ - ManagedIdentity
+ - SDK
+ type: string
+ clientID:
+ description: Optional client ID. Only required with the OAuth authentication method.
+ type: string
+ clientSecret:
+ description: Optional client secret. Only required with the OAuth authentication method.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a valid secret key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ environment:
+ description: The Azure environment.
+ type: string
+ port:
+ description: |-
+ The port to scrape metrics from. If using the public IP address, this must
+ instead be specified in the relabeling rule.
+ type: integer
+ refreshInterval:
+ description: RefreshInterval configures the refresh interval at which Prometheus will re-read the instance list.
+ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
+ type: string
+ resourceGroup:
+ description: Optional resource group name. Limits discovery to this resource group.
+ type: string
+ subscriptionID:
+ description: The subscription ID. Always required.
+ minLength: 1
+ type: string
+ tenantID:
+ description: Optional tenant ID. Only required with the OAuth authentication method.
+ type: string
+ required:
+ - subscriptionID
+ type: object
+ type: array
+ basicAuth:
+ description: BasicAuth information to use on every scrape request.
+ properties:
+ password:
+ description: |-
+ `password` specifies a key of a Secret containing the password for
+ authentication.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a valid secret key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ username:
+ description: |-
+ `username` specifies a key of a Secret containing the username for
+ authentication.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a valid secret key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ consulSDConfigs:
+ description: ConsulSDConfigs defines a list of Consul service discovery configurations.
+ items:
+ description: |-
+ ConsulSDConfig defines a Consul service discovery configuration
+ See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config
properties:
allowStale:
description: |-
- The information to access the Nomad API. It is to be defined
- as the Nomad documentation requires.
+ Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul.
+ If unset, Prometheus uses its default value.
type: boolean
authorization:
- description: Authorization header to use on every scrape request.
+ description: Authorization header configuration to authenticate against the Consul Server.
properties:
credentials:
description: Selects a key of a Secret in the namespace that contains the credentials for authentication.
@@ -92,7 +247,9 @@ spec:
type: string
type: object
basicAuth:
- description: BasicAuth information to use on every scrape request.
+ description: |-
+ BasicAuth information to authenticate against the Consul Server.
+ More info: https://prometheus.io/docs/operating/configuration/#endpoints
properties:
password:
description: |-
@@ -143,13 +300,21 @@ spec:
type: object
x-kubernetes-map-type: atomic
type: object
+ datacenter:
+ description: Consul Datacenter name, if not provided it will use the local Consul Agent Datacenter.
+ type: string
enableHTTP2:
- description: Whether to enable HTTP2.
+ description: |-
+ Whether to enable HTTP2.
+ If unset, Prometheus uses its default value.
type: boolean
followRedirects:
- description: Configure whether HTTP requests follow HTTP 3xx redirects.
+ description: |-
+ Configure whether HTTP requests follow HTTP 3xx redirects.
+ If unset, Prometheus uses its default value.
type: boolean
namespace:
+ description: Namespaces are only supported in Consul Enterprise.
type: string
noProxy:
description: |-
@@ -159,10 +324,14 @@ spec:
It requires Prometheus >= v2.43.0.
type: string
+ nodeMeta:
+ additionalProperties:
+ type: string
+ description: Node metadata key/value pairs to filter nodes for a given service.
+ type: object
+ x-kubernetes-map-type: atomic
oauth2:
- description: |-
- Optional OAuth 2.0 configuration.
- Cannot be set at the same time as `authorization` or `basic_auth`.
+ description: Optional OAuth 2.0 configuration.
properties:
clientId:
description: |-
@@ -462,6 +631,9 @@ spec:
- clientSecret
- tokenUrl
type: object
+ partition:
+ description: Admin Partitions are only supported in Consul Enterprise.
+ type: string
proxyConnectHeader:
additionalProperties:
items:
@@ -507,20 +679,40 @@ spec:
type: string
refreshInterval:
description: |-
- Duration is a valid time duration that can be parsed by Prometheus model.ParseDuration() function.
- Supported units: y, w, d, h, m, s, ms
- Examples: `30s`, `1m`, `1h20m15s`, `15d`
+ The time after which the provided names are refreshed.
+ On large setup it might be a good idea to increase this value because the catalog will change all the time.
+ If unset, Prometheus uses its default value.
pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string
- region:
+ scheme:
+ description: HTTP Scheme default "http"
+ enum:
+ - HTTP
+ - HTTPS
type: string
server:
+ description: A valid string consisting of a hostname or IP followed by an optional port number.
minLength: 1
type: string
+ services:
+ description: A list of services for which targets are retrieved. If omitted, all services are scraped.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
tagSeparator:
+ description: |-
+ The string by which Consul tags are joined into the tag label.
+ If unset, Prometheus uses its default value.
type: string
+ tags:
+ description: An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
tlsConfig:
- description: TLS configuration applying to the target HTTP endpoint.
+ description: TLS Config
properties:
ca:
description: Certificate authority used when verifying server certificates.
@@ -669,179 +861,44 @@ spec:
description: Used to verify the hostname for the targets.
type: string
type: object
+ tokenRef:
+ description: Consul ACL TokenRef, if not provided it will use the ACL from the local Consul Agent.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a valid secret key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
required:
- server
type: object
type: array
- authorization:
- description: Authorization header to use on every scrape request.
- properties:
- credentials:
- description: Selects a key of a Secret in the namespace that contains the credentials for authentication.
- properties:
- key:
- description: The key of the secret to select from. Must be a valid secret key.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the Secret or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type:
- description: |-
- Defines the authentication type. The value is case-insensitive.
-
- "Basic" is not a supported value.
-
- Default: "Bearer"
- type: string
- type: object
- azureSDConfigs:
- description: AzureSDConfigs defines a list of Azure service discovery configurations.
- items:
- description: |-
- AzureSDConfig allow retrieving scrape targets from Azure VMs.
- See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#azure_sd_config
- properties:
- authenticationMethod:
- description: |-
- # The authentication method, either `OAuth` or `ManagedIdentity` or `SDK`.
- See https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview
- SDK authentication method uses environment variables by default.
- See https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication
- enum:
- - OAuth
- - ManagedIdentity
- - SDK
- type: string
- clientID:
- description: Optional client ID. Only required with the OAuth authentication method.
- type: string
- clientSecret:
- description: Optional client secret. Only required with the OAuth authentication method.
- properties:
- key:
- description: The key of the secret to select from. Must be a valid secret key.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the Secret or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- environment:
- description: The Azure environment.
- type: string
- port:
- description: |-
- The port to scrape metrics from. If using the public IP address, this must
- instead be specified in the relabeling rule.
- type: integer
- refreshInterval:
- description: RefreshInterval configures the refresh interval at which Prometheus will re-read the instance list.
- pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
- type: string
- resourceGroup:
- description: Optional resource group name. Limits discovery to this resource group.
- type: string
- subscriptionID:
- description: The subscription ID. Always required.
- minLength: 1
- type: string
- tenantID:
- description: Optional tenant ID. Only required with the OAuth authentication method.
- type: string
- required:
- - subscriptionID
- type: object
- type: array
- basicAuth:
- description: BasicAuth information to use on every scrape request.
- properties:
- password:
- description: |-
- `password` specifies a key of a Secret containing the password for
- authentication.
- properties:
- key:
- description: The key of the secret to select from. Must be a valid secret key.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the Secret or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- username:
- description: |-
- `username` specifies a key of a Secret containing the username for
- authentication.
- properties:
- key:
- description: The key of the secret to select from. Must be a valid secret key.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the Secret or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- consulSDConfigs:
- description: ConsulSDConfigs defines a list of Consul service discovery configurations.
+ digitalOceanSDConfigs:
+ description: DigitalOceanSDConfigs defines a list of DigitalOcean service discovery configurations.
items:
description: |-
- ConsulSDConfig defines a Consul service discovery configuration
- See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config
+ DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API.
+ This service discovery uses the public IPv4 address by default, by that can be changed with relabeling
+ See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config
properties:
- allowStale:
- description: |-
- Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul.
- If unset, Prometheus uses its default value.
- type: boolean
authorization:
- description: Authorization header configuration to authenticate against the Consul Server.
+ description: |-
+ Authorization header configuration to authenticate against the DigitalOcean API.
+ Cannot be set at the same time as `oauth2`.
properties:
credentials:
description: Selects a key of a Secret in the namespace that contains the credentials for authentication.
@@ -874,76 +931,12 @@ spec:
Default: "Bearer"
type: string
type: object
- basicAuth:
- description: |-
- BasicAuth information to authenticate against the Consul Server.
- More info: https://prometheus.io/docs/operating/configuration/#endpoints
- properties:
- password:
- description: |-
- `password` specifies a key of a Secret containing the password for
- authentication.
- properties:
- key:
- description: The key of the secret to select from. Must be a valid secret key.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the Secret or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- username:
- description: |-
- `username` specifies a key of a Secret containing the username for
- authentication.
- properties:
- key:
- description: The key of the secret to select from. Must be a valid secret key.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the Secret or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- datacenter:
- description: Consul Datacenter name, if not provided it will use the local Consul Agent Datacenter.
- type: string
enableHTTP2:
- description: |-
- Whether to enable HTTP2.
- If unset, Prometheus uses its default value.
+ description: Whether to enable HTTP2.
type: boolean
followRedirects:
- description: |-
- Configure whether HTTP requests follow HTTP 3xx redirects.
- If unset, Prometheus uses its default value.
+ description: Configure whether HTTP requests follow HTTP 3xx redirects.
type: boolean
- namespace:
- description: Namespaces are only supported in Consul Enterprise.
- type: string
noProxy:
description: |-
`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names
@@ -952,14 +945,10 @@ spec:
It requires Prometheus >= v2.43.0.
type: string
- nodeMeta:
- additionalProperties:
- type: string
- description: Node metadata key/value pairs to filter nodes for a given service.
- type: object
- x-kubernetes-map-type: atomic
oauth2:
- description: Optional OAuth 2.0 configuration.
+ description: |-
+ Optional OAuth 2.0 configuration.
+ Cannot be set at the same time as `authorization`.
properties:
clientId:
description: |-
@@ -1259,9 +1248,9 @@ spec:
- clientSecret
- tokenUrl
type: object
- partition:
- description: Admin Partitions are only supported in Consul Enterprise.
- type: string
+ port:
+ description: The port to scrape metrics from.
+ type: integer
proxyConnectHeader:
additionalProperties:
items:
@@ -1306,41 +1295,11 @@ spec:
pattern: ^http(s)?://.+$
type: string
refreshInterval:
- description: |-
- The time after which the provided names are refreshed.
- On large setup it might be a good idea to increase this value because the catalog will change all the time.
- If unset, Prometheus uses its default value.
+ description: Refresh interval to re-read the instance list.
pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string
- scheme:
- description: HTTP Scheme default "http"
- enum:
- - HTTP
- - HTTPS
- type: string
- server:
- description: A valid string consisting of a hostname or IP followed by an optional port number.
- minLength: 1
- type: string
- services:
- description: A list of services for which targets are retrieved. If omitted, all services are scraped.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- tagSeparator:
- description: |-
- The string by which Consul tags are joined into the tag label.
- If unset, Prometheus uses its default value.
- type: string
- tags:
- description: An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
tlsConfig:
- description: TLS Config
+ description: TLS configuration applying to the target HTTP endpoint.
properties:
ca:
description: Certificate authority used when verifying server certificates.
@@ -1489,43 +1448,66 @@ spec:
description: Used to verify the hostname for the targets.
type: string
type: object
- tokenRef:
- description: Consul ACL TokenRef, if not provided it will use the ACL from the local Consul Agent.
- properties:
- key:
- description: The key of the secret to select from. Must be a valid secret key.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the Secret or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ dnsSDConfigs:
+ description: DNSSDConfigs defines a list of DNS service discovery configurations.
+ items:
+ description: |-
+ DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets.
+ The DNS servers to be contacted are read from /etc/resolv.conf.
+ See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config
+ properties:
+ names:
+ description: A list of DNS domain names to be queried.
+ items:
+ type: string
+ minItems: 1
+ type: array
+ port:
+ description: |-
+ The port number used if the query type is not SRV
+ Ignored for SRV records
+ format: int32
+ maximum: 65535
+ minimum: 0
+ type: integer
+ refreshInterval:
+ description: |-
+ RefreshInterval configures the time after which the provided names are refreshed.
+ If not set, Prometheus uses its default value.
+ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
+ type: string
+ type:
+ description: |-
+ The type of DNS query to perform. One of SRV, A, AAAA, MX or NS.
+ If not set, Prometheus uses its default value.
+
+ When set to NS, it requires Prometheus >= v2.49.0.
+ When set to MX, it requires Prometheus >= v2.38.0
+ enum:
+ - A
+ - AAAA
+ - MX
+ - NS
+ - SRV
+ type: string
required:
- - server
+ - names
type: object
type: array
- digitalOceanSDConfigs:
- description: DigitalOceanSDConfigs defines a list of DigitalOcean service discovery configurations.
+ dockerSDConfigs:
+ description: DockerSDConfigs defines a list of Docker service discovery configurations.
items:
description: |-
- DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API.
- This service discovery uses the public IPv4 address by default, by that can be changed with relabeling
- See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config
+ Docker SD configurations allow retrieving scrape targets from Docker Engine hosts.
+ This SD discovers "containers" and will create a target for each network IP and
+ port the container is configured to expose.
+ See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config
properties:
authorization:
description: |-
- Authorization header configuration to authenticate against the DigitalOcean API.
+ Authorization header configuration to authenticate against the Docker API.
Cannot be set at the same time as `oauth2`.
properties:
credentials:
@@ -1559,12 +1541,99 @@ spec:
Default: "Bearer"
type: string
type: object
+ basicAuth:
+ description: BasicAuth information to use on every scrape request.
+ properties:
+ password:
+ description: |-
+ `password` specifies a key of a Secret containing the password for
+ authentication.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a valid secret key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ username:
+ description: |-
+ `username` specifies a key of a Secret containing the username for
+ authentication.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a valid secret key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
enableHTTP2:
description: Whether to enable HTTP2.
type: boolean
+ filters:
+ description: Optional filters to limit the discovery process to a subset of the available resources.
+ items:
+ description: Filter name and value pairs to limit the discovery process to a subset of available resources.
+ properties:
+ name:
+ description: Name of the Filter.
+ type: string
+ values:
+ description: Value to filter on.
+ items:
+ type: string
+ minItems: 1
+ type: array
+ required:
+ - name
+ - values
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
followRedirects:
description: Configure whether HTTP requests follow HTTP 3xx redirects.
type: boolean
+ host:
+ description: Address of the docker daemon
+ minLength: 1
+ type: string
+ hostNetworkingHost:
+ description: The host to use if the container is in host networking mode.
+ type: string
+ matchFirstNetwork:
+ description: |-
+ Configure whether to match the first network if the container has multiple networks defined.
+ If unset, Prometheus uses true by default.
+ It requires Prometheus >= v2.54.0.
+ type: boolean
noProxy:
description: |-
`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names
@@ -1923,7 +1992,7 @@ spec:
pattern: ^http(s)?://.+$
type: string
refreshInterval:
- description: Refresh interval to re-read the instance list.
+ description: Time after which the container is refreshed.
pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string
tlsConfig:
@@ -2076,67 +2145,19 @@ spec:
description: Used to verify the hostname for the targets.
type: string
type: object
- type: object
- type: array
- dnsSDConfigs:
- description: DNSSDConfigs defines a list of DNS service discovery configurations.
- items:
- description: |-
- DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets.
- The DNS servers to be contacted are read from /etc/resolv.conf.
- See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config
- properties:
- names:
- description: A list of DNS domain names to be queried.
- items:
- type: string
- minItems: 1
- type: array
- port:
- description: |-
- The port number used if the query type is not SRV
- Ignored for SRV records
- format: int32
- maximum: 65535
- minimum: 0
- type: integer
- refreshInterval:
- description: |-
- RefreshInterval configures the time after which the provided names are refreshed.
- If not set, Prometheus uses its default value.
- pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
- type: string
- type:
- description: |-
- The type of DNS query to perform. One of SRV, A, AAAA, MX or NS.
- If not set, Prometheus uses its default value.
-
- When set to NS, it requires Prometheus >= v2.49.0.
- When set to MX, it requires Prometheus >= v2.38.0
- enum:
- - A
- - AAAA
- - MX
- - NS
- - SRV
- type: string
required:
- - names
+ - host
type: object
type: array
- dockerSDConfigs:
- description: DockerSDConfigs defines a list of Docker service discovery configurations.
+ dockerSwarmSDConfigs:
+ description: DockerswarmSDConfigs defines a list of Dockerswarm service discovery configurations.
items:
description: |-
- Docker SD configurations allow retrieving scrape targets from Docker Engine hosts.
- This SD discovers "containers" and will create a target for each network IP and
- port the container is configured to expose.
- See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config
+ DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine.
+ See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config
properties:
authorization:
- description: |-
- Authorization header configuration to authenticate against the Docker API.
- Cannot be set at the same time as `oauth2`.
+ description: Authorization header configuration to authenticate against the target HTTP endpoint.
properties:
credentials:
description: Selects a key of a Secret in the namespace that contains the credentials for authentication.
@@ -2170,7 +2191,7 @@ spec:
type: string
type: object
basicAuth:
- description: BasicAuth information to use on every scrape request.
+ description: Optional HTTP basic authentication information.
properties:
password:
description: |-
@@ -2225,7 +2246,13 @@ spec:
description: Whether to enable HTTP2.
type: boolean
filters:
- description: Optional filters to limit the discovery process to a subset of the available resources.
+ description: |-
+ Optional filters to limit the discovery process to a subset of available
+ resources.
+ The available filters are listed in the upstream documentation:
+ Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList
+ Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList
+ Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList
items:
description: Filter name and value pairs to limit the discovery process to a subset of available resources.
properties:
@@ -2250,18 +2277,9 @@ spec:
description: Configure whether HTTP requests follow HTTP 3xx redirects.
type: boolean
host:
- description: Address of the docker daemon
- minLength: 1
- type: string
- hostNetworkingHost:
- description: The host to use if the container is in host networking mode.
+ description: Address of the Docker daemon
+ pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$
type: string
- matchFirstNetwork:
- description: |-
- Configure whether to match the first network if the container has multiple networks defined.
- If unset, Prometheus uses true by default.
- It requires Prometheus >= v2.54.0.
- type: boolean
noProxy:
description: |-
`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names
@@ -2273,7 +2291,7 @@ spec:
oauth2:
description: |-
Optional OAuth 2.0 configuration.
- Cannot be set at the same time as `authorization`.
+ Cannot be set at the same time as `authorization`, or `basicAuth`.
properties:
clientId:
description: |-
@@ -2574,7 +2592,12 @@ spec:
- tokenUrl
type: object
port:
- description: The port to scrape metrics from.
+ description: |-
+ The port to scrape metrics from, when `role` is nodes, and for discovered
+ tasks and services that don't have published ports.
+ format: int32
+ maximum: 65535
+ minimum: 0
type: integer
proxyConnectHeader:
additionalProperties:
@@ -2620,11 +2643,18 @@ spec:
pattern: ^http(s)?://.+$
type: string
refreshInterval:
- description: Time after which the container is refreshed.
+ description: The time after which the service discovery data is refreshed.
pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string
+ role:
+ description: Role of the targets to retrieve. Must be `Services`, `Tasks`, or `Nodes`.
+ enum:
+ - Services
+ - Tasks
+ - Nodes
+ type: string
tlsConfig:
- description: TLS configuration applying to the target HTTP endpoint.
+ description: TLS configuration to use on every scrape request
properties:
ca:
description: Certificate authority used when verifying server certificates.
@@ -2775,112 +2805,55 @@ spec:
type: object
required:
- host
+ - role
type: object
type: array
- dockerSwarmSDConfigs:
- description: DockerswarmSDConfigs defines a list of Dockerswarm service discovery configurations.
+ ec2SDConfigs:
+ description: EC2SDConfigs defines a list of EC2 service discovery configurations.
items:
description: |-
- DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine.
- See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config
+ EC2SDConfig allow retrieving scrape targets from AWS EC2 instances.
+ The private IP address is used by default, but may be changed to the public IP address with relabeling.
+ The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets
+ See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config
+
+ The EC2 service discovery requires AWS API keys or role ARN for authentication.
+ BasicAuth, Authorization and OAuth2 fields are not present on purpose.
properties:
- authorization:
- description: Authorization header configuration to authenticate against the target HTTP endpoint.
+ accessKey:
+ description: AccessKey is the AWS API key.
properties:
- credentials:
- description: Selects a key of a Secret in the namespace that contains the credentials for authentication.
- properties:
- key:
- description: The key of the secret to select from. Must be a valid secret key.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the Secret or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type:
- description: |-
- Defines the authentication type. The value is case-insensitive.
-
- "Basic" is not a supported value.
-
- Default: "Bearer"
+ key:
+ description: The key of the secret to select from. Must be a valid secret key.
type: string
- type: object
- basicAuth:
- description: Optional HTTP basic authentication information.
- properties:
- password:
- description: |-
- `password` specifies a key of a Secret containing the password for
- authentication.
- properties:
- key:
- description: The key of the secret to select from. Must be a valid secret key.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the Secret or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- username:
+ name:
+ default: ""
description: |-
- `username` specifies a key of a Secret containing the username for
- authentication.
- properties:
- key:
- description: The key of the secret to select from. Must be a valid secret key.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the Secret or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ required:
+ - key
type: object
+ x-kubernetes-map-type: atomic
enableHTTP2:
- description: Whether to enable HTTP2.
+ description: |-
+ Whether to enable HTTP2.
+ It requires Prometheus >= v2.41.0
type: boolean
filters:
description: |-
- Optional filters to limit the discovery process to a subset of available
- resources.
- The available filters are listed in the upstream documentation:
- Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList
- Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList
- Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList
+ Filters can be used optionally to filter the instance list by other criteria.
+ Available filter criteria can be found here:
+ https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html
+ Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html
+ It requires Prometheus >= v2.3.0
items:
description: Filter name and value pairs to limit the discovery process to a subset of available resources.
properties:
@@ -2902,12 +2875,10 @@ spec:
- name
x-kubernetes-list-type: map
followRedirects:
- description: Configure whether HTTP requests follow HTTP 3xx redirects.
+ description: |-
+ Configure whether HTTP requests follow HTTP 3xx redirects.
+ It requires Prometheus >= v2.41.0
type: boolean
- host:
- description: Address of the Docker daemon
- pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$
- type: string
noProxy:
description: |-
`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names
@@ -2916,65 +2887,18 @@ spec:
It requires Prometheus >= v2.43.0.
type: string
- oauth2:
+ port:
description: |-
- Optional OAuth 2.0 configuration.
- Cannot be set at the same time as `authorization`, or `basicAuth`.
- properties:
- clientId:
- description: |-
- `clientId` specifies a key of a Secret or ConfigMap containing the
- OAuth2 client's ID.
- properties:
- configMap:
- description: ConfigMap containing data to use for the targets.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the ConfigMap or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- secret:
- description: Secret containing data to use for the targets.
- properties:
- key:
- description: The key of the secret to select from. Must be a valid secret key.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the Secret or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- clientSecret:
- description: |-
- `clientSecret` specifies a key of a Secret containing the OAuth2
- client's secret.
+ The port to scrape metrics from. If using the public IP address, this must
+ instead be specified in the relabeling rule.
+ format: int32
+ maximum: 65535
+ minimum: 0
+ type: integer
+ proxyConnectHeader:
+ additionalProperties:
+ items:
+ description: SecretKeySelector selects a key of a Secret.
properties:
key:
description: The key of the secret to select from. Must be a valid secret key.
@@ -2995,11 +2919,413 @@ spec:
- key
type: object
x-kubernetes-map-type: atomic
- endpointParams:
- additionalProperties:
- type: string
- description: |-
- `endpointParams` configures the HTTP parameters to append to the token
+ type: array
+ description: |-
+ ProxyConnectHeader optionally specifies headers to send to
+ proxies during CONNECT requests.
+
+ It requires Prometheus >= v2.43.0.
+ type: object
+ x-kubernetes-map-type: atomic
+ proxyFromEnvironment:
+ description: |-
+ Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).
+ If unset, Prometheus uses its default value.
+
+ It requires Prometheus >= v2.43.0.
+ type: boolean
+ proxyUrl:
+ description: '`proxyURL` defines the HTTP proxy server to use.'
+ pattern: ^http(s)?://.+$
+ type: string
+ refreshInterval:
+ description: RefreshInterval configures the refresh interval at which Prometheus will re-read the instance list.
+ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
+ type: string
+ region:
+ description: The AWS region.
+ minLength: 1
+ type: string
+ roleARN:
+ description: AWS Role ARN, an alternative to using AWS API keys.
+ minLength: 1
+ type: string
+ secretKey:
+ description: SecretKey is the AWS API secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a valid secret key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ tlsConfig:
+ description: |-
+ TLS configuration to connect to the AWS EC2 API.
+ It requires Prometheus >= v2.41.0
+ properties:
+ ca:
+ description: Certificate authority used when verifying server certificates.
+ properties:
+ configMap:
+ description: ConfigMap containing data to use for the targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a valid secret key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ cert:
+ description: Client certificate to present when doing client-authentication.
+ properties:
+ configMap:
+ description: ConfigMap containing data to use for the targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a valid secret key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ insecureSkipVerify:
+ description: Disable target certificate validation.
+ type: boolean
+ keySecret:
+ description: Secret containing the client key file for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a valid secret key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ maxVersion:
+ description: |-
+ Maximum acceptable TLS version.
+
+ It requires Prometheus >= v2.41.0.
+ enum:
+ - TLS10
+ - TLS11
+ - TLS12
+ - TLS13
+ type: string
+ minVersion:
+ description: |-
+ Minimum acceptable TLS version.
+
+ It requires Prometheus >= v2.35.0.
+ enum:
+ - TLS10
+ - TLS11
+ - TLS12
+ - TLS13
+ type: string
+ serverName:
+ description: Used to verify the hostname for the targets.
+ type: string
+ type: object
+ type: object
+ type: array
+ enableCompression:
+ description: |-
+ When false, Prometheus will request uncompressed response from the scraped target.
+
+ It requires Prometheus >= v2.49.0.
+
+ If unset, Prometheus uses true by default.
+ type: boolean
+ eurekaSDConfigs:
+ description: EurekaSDConfigs defines a list of Eureka service discovery configurations.
+ items:
+ description: |-
+ Eureka SD configurations allow retrieving scrape targets using the Eureka REST API.
+ Prometheus will periodically check the REST endpoint and create a target for every app instance.
+ See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config
+ properties:
+ authorization:
+ description: Authorization header to use on every scrape request.
+ properties:
+ credentials:
+ description: Selects a key of a Secret in the namespace that contains the credentials for authentication.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a valid secret key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type:
+ description: |-
+ Defines the authentication type. The value is case-insensitive.
+
+ "Basic" is not a supported value.
+
+ Default: "Bearer"
+ type: string
+ type: object
+ basicAuth:
+ description: BasicAuth information to use on every scrape request.
+ properties:
+ password:
+ description: |-
+ `password` specifies a key of a Secret containing the password for
+ authentication.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a valid secret key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ username:
+ description: |-
+ `username` specifies a key of a Secret containing the username for
+ authentication.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a valid secret key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ enableHTTP2:
+ description: Whether to enable HTTP2.
+ type: boolean
+ followRedirects:
+ description: Configure whether HTTP requests follow HTTP 3xx redirects.
+ type: boolean
+ noProxy:
+ description: |-
+ `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names
+ that should be excluded from proxying. IP and domain names can
+ contain port numbers.
+
+ It requires Prometheus >= v2.43.0.
+ type: string
+ oauth2:
+ description: |-
+ Optional OAuth 2.0 configuration.
+ Cannot be set at the same time as `authorization` or `basic_auth`.
+ properties:
+ clientId:
+ description: |-
+ `clientId` specifies a key of a Secret or ConfigMap containing the
+ OAuth2 client's ID.
+ properties:
+ configMap:
+ description: ConfigMap containing data to use for the targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a valid secret key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ clientSecret:
+ description: |-
+ `clientSecret` specifies a key of a Secret containing the OAuth2
+ client's secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a valid secret key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ endpointParams:
+ additionalProperties:
+ type: string
+ description: |-
+ `endpointParams` configures the HTTP parameters to append to the token
URL.
type: object
noProxy:
@@ -3219,14 +3545,6 @@ spec:
- clientSecret
- tokenUrl
type: object
- port:
- description: |-
- The port to scrape metrics from, when `role` is nodes, and for discovered
- tasks and services that don't have published ports.
- format: int32
- maximum: 65535
- minimum: 0
- type: integer
proxyConnectHeader:
additionalProperties:
items:
@@ -3271,18 +3589,15 @@ spec:
pattern: ^http(s)?://.+$
type: string
refreshInterval:
- description: The time after which the service discovery data is refreshed.
+ description: Refresh interval to re-read the instance list.
pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string
- role:
- description: Role of the targets to retrieve. Must be `Services`, `Tasks`, or `Nodes`.
- enum:
- - Services
- - Tasks
- - Nodes
+ server:
+ description: The URL to connect to the Eureka server.
+ minLength: 1
type: string
tlsConfig:
- description: TLS configuration to use on every scrape request
+ description: TLS configuration applying to the target HTTP endpoint.
properties:
ca:
description: Certificate authority used when verifying server certificates.
@@ -3332,8 +3647,307 @@ spec:
type: object
x-kubernetes-map-type: atomic
type: object
- cert:
- description: Client certificate to present when doing client-authentication.
+ cert:
+ description: Client certificate to present when doing client-authentication.
+ properties:
+ configMap:
+ description: ConfigMap containing data to use for the targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a valid secret key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ insecureSkipVerify:
+ description: Disable target certificate validation.
+ type: boolean
+ keySecret:
+ description: Secret containing the client key file for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a valid secret key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ maxVersion:
+ description: |-
+ Maximum acceptable TLS version.
+
+ It requires Prometheus >= v2.41.0.
+ enum:
+ - TLS10
+ - TLS11
+ - TLS12
+ - TLS13
+ type: string
+ minVersion:
+ description: |-
+ Minimum acceptable TLS version.
+
+ It requires Prometheus >= v2.35.0.
+ enum:
+ - TLS10
+ - TLS11
+ - TLS12
+ - TLS13
+ type: string
+ serverName:
+ description: Used to verify the hostname for the targets.
+ type: string
+ type: object
+ required:
+ - server
+ type: object
+ type: array
+ fileSDConfigs:
+ description: FileSDConfigs defines a list of file service discovery configurations.
+ items:
+ description: |-
+ FileSDConfig defines a Prometheus file service discovery configuration
+ See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config
+ properties:
+ files:
+ description: |-
+ List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the
+ prometheus-operator project makes no guarantees about the working directory where the configuration file is
+ stored.
+ Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets.
+ items:
+ description: SDFile represents a file used for service discovery
+ pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$
+ type: string
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: set
+ refreshInterval:
+ description: RefreshInterval configures the refresh interval at which Prometheus will reload the content of the files.
+ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
+ type: string
+ required:
+ - files
+ type: object
+ type: array
+ gceSDConfigs:
+ description: GCESDConfigs defines a list of GCE service discovery configurations.
+ items:
+ description: |-
+ GCESDConfig configures scrape targets from GCP GCE instances.
+ The private IP address is used by default, but may be changed to
+ the public IP address with relabeling.
+ See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config
+
+ The GCE service discovery will load the Google Cloud credentials
+ from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable.
+ See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform
+
+ A pre-requisite for using GCESDConfig is that a Secret containing valid
+ Google Cloud credentials is mounted into the Prometheus or PrometheusAgent
+ pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS
+ environment variable is set to /etc/prometheus/secrets/<secret-name>/<credentials-filename.json>.
+ properties:
+ filter:
+ description: |-
+ Filter can be used optionally to filter the instance list by other criteria
+ Syntax of this filter is described in the filter query parameter section:
+ https://cloud.google.com/compute/docs/reference/latest/instances/list
+ type: string
+ port:
+ description: |-
+ The port to scrape metrics from. If using the public IP address, this must
+ instead be specified in the relabeling rule.
+ type: integer
+ project:
+ description: The Google Cloud Project ID
+ minLength: 1
+ type: string
+ refreshInterval:
+ description: RefreshInterval configures the refresh interval at which Prometheus will re-read the instance list.
+ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
+ type: string
+ tagSeparator:
+ description: The tag separator is used to separate the tags on concatenation
+ type: string
+ zone:
+ description: The zone of the scrape targets. If you need multiple zones use multiple GCESDConfigs.
+ minLength: 1
+ type: string
+ required:
+ - project
+ - zone
+ type: object
+ type: array
+ hetznerSDConfigs:
+ description: HetznerSDConfigs defines a list of Hetzner service discovery configurations.
+ items:
+ description: |-
+ HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API.
+ This service discovery uses the public IPv4 address by default, but that can be changed with relabeling
+ See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config
+ properties:
+ authorization:
+ description: |-
+ Authorization header configuration, required when role is hcloud.
+ Role robot does not support bearer token authentication.
+ properties:
+ credentials:
+ description: Selects a key of a Secret in the namespace that contains the credentials for authentication.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a valid secret key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type:
+ description: |-
+ Defines the authentication type. The value is case-insensitive.
+
+ "Basic" is not a supported value.
+
+ Default: "Bearer"
+ type: string
+ type: object
+ basicAuth:
+ description: |-
+ BasicAuth information to use on every scrape request, required when role is robot.
+ Role hcloud does not support basic auth.
+ properties:
+ password:
+ description: |-
+ `password` specifies a key of a Secret containing the password for
+ authentication.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a valid secret key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ username:
+ description: |-
+ `username` specifies a key of a Secret containing the username for
+ authentication.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a valid secret key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ enableHTTP2:
+ description: Whether to enable HTTP2.
+ type: boolean
+ followRedirects:
+ description: Configure whether HTTP requests follow HTTP 3xx redirects.
+ type: boolean
+ noProxy:
+ description: |-
+ `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names
+ that should be excluded from proxying. IP and domain names can
+ contain port numbers.
+
+ It requires Prometheus >= v2.43.0.
+ type: string
+ oauth2:
+ description: |-
+ Optional OAuth 2.0 configuration.
+ Cannot be used at the same time as `basic_auth` or `authorization`.
+ properties:
+ clientId:
+ description: |-
+ `clientId` specifies a key of a Secret or ConfigMap containing the
+ OAuth2 client's ID.
properties:
configMap:
description: ConfigMap containing data to use for the targets.
@@ -3380,11 +3994,10 @@ spec:
type: object
x-kubernetes-map-type: atomic
type: object
- insecureSkipVerify:
- description: Disable target certificate validation.
- type: boolean
- keySecret:
- description: Secret containing the client key file for the targets.
+ clientSecret:
+ description: |-
+ `clientSecret` specifies a key of a Secret containing the OAuth2
+ client's secret.
properties:
key:
description: The key of the secret to select from. Must be a valid secret key.
@@ -3405,123 +4018,232 @@ spec:
- key
type: object
x-kubernetes-map-type: atomic
- maxVersion:
+ endpointParams:
+ additionalProperties:
+ type: string
description: |-
- Maximum acceptable TLS version.
+ `endpointParams` configures the HTTP parameters to append to the token
+ URL.
+ type: object
+ noProxy:
+ description: |-
+ `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names
+ that should be excluded from proxying. IP and domain names can
+ contain port numbers.
- It requires Prometheus >= v2.41.0.
- enum:
- - TLS10
- - TLS11
- - TLS12
- - TLS13
+ It requires Prometheus >= v2.43.0.
type: string
- minVersion:
+ proxyConnectHeader:
+ additionalProperties:
+ items:
+ description: SecretKeySelector selects a key of a Secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a valid secret key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
description: |-
- Minimum acceptable TLS version.
+ ProxyConnectHeader optionally specifies headers to send to
+ proxies during CONNECT requests.
- It requires Prometheus >= v2.35.0.
- enum:
- - TLS10
- - TLS11
- - TLS12
- - TLS13
- type: string
- serverName:
- description: Used to verify the hostname for the targets.
- type: string
- type: object
- required:
- - host
- - role
- type: object
- type: array
- ec2SDConfigs:
- description: EC2SDConfigs defines a list of EC2 service discovery configurations.
- items:
- description: |-
- EC2SDConfig allow retrieving scrape targets from AWS EC2 instances.
- The private IP address is used by default, but may be changed to the public IP address with relabeling.
- The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets
- See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config
+ It requires Prometheus >= v2.43.0.
+ type: object
+ x-kubernetes-map-type: atomic
+ proxyFromEnvironment:
+ description: |-
+ Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).
+ If unset, Prometheus uses its default value.
- The EC2 service discovery requires AWS API keys or role ARN for authentication.
- BasicAuth, Authorization and OAuth2 fields are not present on purpose.
- properties:
- accessKey:
- description: AccessKey is the AWS API key.
- properties:
- key:
- description: The key of the secret to select from. Must be a valid secret key.
+ It requires Prometheus >= v2.43.0.
+ type: boolean
+ proxyUrl:
+ description: '`proxyURL` defines the HTTP proxy server to use.'
+ pattern: ^http(s)?://.+$
type: string
- name:
- default: ""
+ scopes:
+ description: '`scopes` defines the OAuth2 scopes used for the token request.'
+ items:
+ type: string
+ type: array
+ tlsConfig:
description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TLS configuration to use when connecting to the OAuth2 server.
+ It requires Prometheus >= v2.43.0.
+ properties:
+ ca:
+ description: Certificate authority used when verifying server certificates.
+ properties:
+ configMap:
+ description: ConfigMap containing data to use for the targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a valid secret key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ cert:
+ description: Client certificate to present when doing client-authentication.
+ properties:
+ configMap:
+ description: ConfigMap containing data to use for the targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secret:
+ description: Secret containing data to use for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a valid secret key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ insecureSkipVerify:
+ description: Disable target certificate validation.
+ type: boolean
+ keySecret:
+ description: Secret containing the client key file for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a valid secret key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ maxVersion:
+ description: |-
+ Maximum acceptable TLS version.
+
+ It requires Prometheus >= v2.41.0.
+ enum:
+ - TLS10
+ - TLS11
+ - TLS12
+ - TLS13
+ type: string
+ minVersion:
+ description: |-
+ Minimum acceptable TLS version.
+
+ It requires Prometheus >= v2.35.0.
+ enum:
+ - TLS10
+ - TLS11
+ - TLS12
+ - TLS13
+ type: string
+ serverName:
+ description: Used to verify the hostname for the targets.
+ type: string
+ type: object
+ tokenUrl:
+ description: '`tokenURL` configures the URL to fetch the token from.'
+ minLength: 1
type: string
- optional:
- description: Specify whether the Secret or its key must be defined
- type: boolean
required:
- - key
+ - clientId
+ - clientSecret
+ - tokenUrl
type: object
- x-kubernetes-map-type: atomic
- enableHTTP2:
- description: |-
- Whether to enable HTTP2.
- It requires Prometheus >= v2.41.0
- type: boolean
- filters:
- description: |-
- Filters can be used optionally to filter the instance list by other criteria.
- Available filter criteria can be found here:
- https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html
- Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html
- It requires Prometheus >= v2.3.0
- items:
- description: Filter name and value pairs to limit the discovery process to a subset of available resources.
- properties:
- name:
- description: Name of the Filter.
- type: string
- values:
- description: Value to filter on.
- items:
- type: string
- minItems: 1
- type: array
- required:
- - name
- - values
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- followRedirects:
- description: |-
- Configure whether HTTP requests follow HTTP 3xx redirects.
- It requires Prometheus >= v2.41.0
- type: boolean
- noProxy:
- description: |-
- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names
- that should be excluded from proxying. IP and domain names can
- contain port numbers.
-
- It requires Prometheus >= v2.43.0.
- type: string
port:
- description: |-
- The port to scrape metrics from. If using the public IP address, this must
- instead be specified in the relabeling rule.
- format: int32
- maximum: 65535
- minimum: 0
+ description: The port to scrape metrics from.
type: integer
proxyConnectHeader:
additionalProperties:
@@ -3567,43 +4289,19 @@ spec:
pattern: ^http(s)?://.+$
type: string
refreshInterval:
- description: RefreshInterval configures the refresh interval at which Prometheus will re-read the instance list.
+ description: The time after which the servers are refreshed.
pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string
- region:
- description: The AWS region.
- minLength: 1
- type: string
- roleARN:
- description: AWS Role ARN, an alternative to using AWS API keys.
- minLength: 1
+ role:
+ description: The Hetzner role of entities that should be discovered.
+ enum:
+ - hcloud
+ - Hcloud
+ - robot
+ - Robot
type: string
- secretKey:
- description: SecretKey is the AWS API secret.
- properties:
- key:
- description: The key of the secret to select from. Must be a valid secret key.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the Secret or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
tlsConfig:
- description: |-
- TLS configuration to connect to the AWS EC2 API.
- It requires Prometheus >= v2.41.0
+ description: TLS configuration to use on every scrape request.
properties:
ca:
description: Certificate authority used when verifying server certificates.
@@ -3752,26 +4450,27 @@ spec:
description: Used to verify the hostname for the targets.
type: string
type: object
+ required:
+ - role
type: object
type: array
- enableCompression:
- description: |-
- When false, Prometheus will request uncompressed response from the scraped target.
-
- It requires Prometheus >= v2.49.0.
-
- If unset, Prometheus uses true by default.
+ honorLabels:
+ description: HonorLabels chooses the metric's labels on collisions with target labels.
type: boolean
- eurekaSDConfigs:
- description: EurekaSDConfigs defines a list of Eureka service discovery configurations.
+ honorTimestamps:
+ description: HonorTimestamps controls whether Prometheus respects the timestamps present in scraped data.
+ type: boolean
+ httpSDConfigs:
+ description: HTTPSDConfigs defines a list of HTTP service discovery configurations.
items:
description: |-
- Eureka SD configurations allow retrieving scrape targets using the Eureka REST API.
- Prometheus will periodically check the REST endpoint and create a target for every app instance.
- See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config
+ HTTPSDConfig defines a prometheus HTTP service discovery configuration
+ See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config
properties:
authorization:
- description: Authorization header to use on every scrape request.
+ description: |-
+ Authorization header configuration to authenticate against the target HTTP endpoint.
+ Cannot be set at the same time as `oAuth2`, or `basicAuth`.
properties:
credentials:
description: Selects a key of a Secret in the namespace that contains the credentials for authentication.
@@ -3805,7 +4504,10 @@ spec:
type: string
type: object
basicAuth:
- description: BasicAuth information to use on every scrape request.
+ description: |-
+ BasicAuth information to authenticate against the target HTTP endpoint.
+ More info: https://prometheus.io/docs/operating/configuration/#endpoints
+ Cannot be set at the same time as `authorization`, or `oAuth2`.
properties:
password:
description: |-
@@ -3872,8 +4574,8 @@ spec:
type: string
oauth2:
description: |-
- Optional OAuth 2.0 configuration.
- Cannot be set at the same time as `authorization` or `basic_auth`.
+ Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint.
+ Cannot be set at the same time as `authorization`, or `basicAuth`.
properties:
clientId:
description: |-
@@ -4217,13 +4919,11 @@ spec:
pattern: ^http(s)?://.+$
type: string
refreshInterval:
- description: Refresh interval to re-read the instance list.
+ description: |-
+ RefreshInterval configures the refresh interval at which Prometheus will re-query the
+ endpoint to update the target list.
pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string
- server:
- description: The URL to connect to the Eureka server.
- minLength: 1
- type: string
tlsConfig:
description: TLS configuration applying to the target HTTP endpoint.
properties:
@@ -4374,98 +5074,66 @@ spec:
description: Used to verify the hostname for the targets.
type: string
type: object
- required:
- - server
- type: object
- type: array
- fileSDConfigs:
- description: FileSDConfigs defines a list of file service discovery configurations.
- items:
- description: |-
- FileSDConfig defines a Prometheus file service discovery configuration
- See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config
- properties:
- files:
- description: |-
- List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the
- prometheus-operator project makes no guarantees about the working directory where the configuration file is
- stored.
- Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets.
- items:
- description: SDFile represents a file used for service discovery
- pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$
- type: string
- minItems: 1
- type: array
- refreshInterval:
- description: RefreshInterval configures the refresh interval at which Prometheus will reload the content of the files.
- pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
- type: string
- required:
- - files
- type: object
- type: array
- gceSDConfigs:
- description: GCESDConfigs defines a list of GCE service discovery configurations.
- items:
- description: |-
- GCESDConfig configures scrape targets from GCP GCE instances.
- The private IP address is used by default, but may be changed to
- the public IP address with relabeling.
- See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config
-
- The GCE service discovery will load the Google Cloud credentials
- from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable.
- See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform
-
- A pre-requisite for using GCESDConfig is that a Secret containing valid
- Google Cloud credentials is mounted into the Prometheus or PrometheusAgent
- pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS
- environment variable is set to /etc/prometheus/secrets/<secret-name>/<credentials-filename.json>.
- properties:
- filter:
- description: |-
- Filter can be used optionally to filter the instance list by other criteria
- Syntax of this filter is described in the filter query parameter section:
- https://cloud.google.com/compute/docs/reference/latest/instances/list
- type: string
- port:
- description: |-
- The port to scrape metrics from. If using the public IP address, this must
- instead be specified in the relabeling rule.
- type: integer
- project:
- description: The Google Cloud Project ID
- minLength: 1
- type: string
- refreshInterval:
- description: RefreshInterval configures the refresh interval at which Prometheus will re-read the instance list.
- pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
- type: string
- tagSeparator:
- description: The tag separator is used to separate the tags on concatenation
- type: string
- zone:
- description: The zone of the scrape targets. If you need multiple zones use multiple GCESDConfigs.
+ url:
+ description: URL from which the targets are fetched.
minLength: 1
+ pattern: ^http(s)?://.+$
type: string
required:
- - project
- - zone
+ - url
type: object
type: array
- hetznerSDConfigs:
- description: HetznerSDConfigs defines a list of Hetzner service discovery configurations.
+ jobName:
+ description: |-
+ The value of the `job` label assigned to the scraped metrics by default.
+
+ The `job_name` field in the rendered scrape configuration is always controlled by the
+ operator to prevent duplicate job names, which Prometheus does not allow. Instead the
+ `job` label is set by means of relabeling configs.
+ minLength: 1
+ type: string
+ keepDroppedTargets:
+ description: |-
+ Per-scrape limit on the number of targets dropped by relabeling
+ that will be kept in memory. 0 means no limit.
+
+ It requires Prometheus >= v2.47.0.
+ format: int64
+ type: integer
+ kubernetesSDConfigs:
+ description: KubernetesSDConfigs defines a list of Kubernetes service discovery configurations.
items:
description: |-
- HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API.
- This service discovery uses the public IPv4 address by default, but that can be changed with relabeling
- See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config
+ KubernetesSDConfig allows retrieving scrape targets from Kubernetes' REST API.
+ See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kubernetes_sd_config
properties:
+ apiServer:
+ description: |-
+ The API server address consisting of a hostname or IP address followed
+ by an optional port number.
+ If left empty, Prometheus is assumed to run inside
+ of the cluster. It will discover API servers automatically and use the pod's
+ CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.
+ minLength: 1
+ type: string
+ attachMetadata:
+ description: |-
+ Optional metadata to attach to discovered targets.
+ It requires Prometheus >= v2.35.0 when using the `Pod` role and
+ Prometheus >= v2.37.0 for `Endpoints` and `Endpointslice` roles.
+ properties:
+ node:
+ description: |-
+ Attaches node metadata to discovered targets.
+ When set to true, Prometheus must have the `get` permission on the
+ `Nodes` objects.
+ Only valid for Pod, Endpoint and Endpointslice roles.
+ type: boolean
+ type: object
authorization:
description: |-
- Authorization header configuration, required when role is hcloud.
- Role robot does not support bearer token authentication.
+ Authorization header to use on every scrape request.
+ Cannot be set at the same time as `basicAuth`, or `oauth2`.
properties:
credentials:
description: Selects a key of a Secret in the namespace that contains the credentials for authentication.
@@ -4500,8 +5168,8 @@ spec:
type: object
basicAuth:
description: |-
- BasicAuth information to use on every scrape request, required when role is robot.
- Role hcloud does not support basic auth.
+ BasicAuth information to use on every scrape request.
+ Cannot be set at the same time as `authorization`, or `oauth2`.
properties:
password:
description: |-
@@ -4558,6 +5226,21 @@ spec:
followRedirects:
description: Configure whether HTTP requests follow HTTP 3xx redirects.
type: boolean
+ namespaces:
+ description: Optional namespace discovery. If omitted, Prometheus discovers targets across all namespaces.
+ properties:
+ names:
+ description: |-
+ List of namespaces where to watch for resources.
+ If empty and `ownNamespace` isn't true, Prometheus watches for resources in all namespaces.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ ownNamespace:
+ description: Includes the namespace in which the Prometheus pod runs to the list of watched namespaces.
+ type: boolean
+ type: object
noProxy:
description: |-
`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names
@@ -4569,7 +5252,7 @@ spec:
oauth2:
description: |-
Optional OAuth 2.0 configuration.
- Cannot be used at the same time as `basic_auth` or `authorization`.
+ Cannot be set at the same time as `authorization`, or `basicAuth`.
properties:
clientId:
description: |-
@@ -4805,206 +5488,15 @@ spec:
description: Specify whether the Secret or its key must be defined
type: boolean
required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- insecureSkipVerify:
- description: Disable target certificate validation.
- type: boolean
- keySecret:
- description: Secret containing the client key file for the targets.
- properties:
- key:
- description: The key of the secret to select from. Must be a valid secret key.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the Secret or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- maxVersion:
- description: |-
- Maximum acceptable TLS version.
-
- It requires Prometheus >= v2.41.0.
- enum:
- - TLS10
- - TLS11
- - TLS12
- - TLS13
- type: string
- minVersion:
- description: |-
- Minimum acceptable TLS version.
-
- It requires Prometheus >= v2.35.0.
- enum:
- - TLS10
- - TLS11
- - TLS12
- - TLS13
- type: string
- serverName:
- description: Used to verify the hostname for the targets.
- type: string
- type: object
- tokenUrl:
- description: '`tokenURL` configures the URL to fetch the token from.'
- minLength: 1
- type: string
- required:
- - clientId
- - clientSecret
- - tokenUrl
- type: object
- port:
- description: The port to scrape metrics from.
- type: integer
- proxyConnectHeader:
- additionalProperties:
- items:
- description: SecretKeySelector selects a key of a Secret.
- properties:
- key:
- description: The key of the secret to select from. Must be a valid secret key.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the Secret or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: array
- description: |-
- ProxyConnectHeader optionally specifies headers to send to
- proxies during CONNECT requests.
-
- It requires Prometheus >= v2.43.0.
- type: object
- x-kubernetes-map-type: atomic
- proxyFromEnvironment:
- description: |-
- Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).
- If unset, Prometheus uses its default value.
-
- It requires Prometheus >= v2.43.0.
- type: boolean
- proxyUrl:
- description: '`proxyURL` defines the HTTP proxy server to use.'
- pattern: ^http(s)?://.+$
- type: string
- refreshInterval:
- description: The time after which the servers are refreshed.
- pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
- type: string
- role:
- description: The Hetzner role of entities that should be discovered.
- enum:
- - hcloud
- - Hcloud
- - robot
- - Robot
- type: string
- tlsConfig:
- description: TLS configuration to use on every scrape request.
- properties:
- ca:
- description: Certificate authority used when verifying server certificates.
- properties:
- configMap:
- description: ConfigMap containing data to use for the targets.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the ConfigMap or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- secret:
- description: Secret containing data to use for the targets.
- properties:
- key:
- description: The key of the secret to select from. Must be a valid secret key.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the Secret or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- cert:
- description: Client certificate to present when doing client-authentication.
- properties:
- configMap:
- description: ConfigMap containing data to use for the targets.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the ConfigMap or its key must be defined
- type: boolean
- required:
- - key
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
type: object
- x-kubernetes-map-type: atomic
- secret:
- description: Secret containing data to use for the targets.
+ insecureSkipVerify:
+ description: Disable target certificate validation.
+ type: boolean
+ keySecret:
+ description: Secret containing the client key file for the targets.
properties:
key:
description: The key of the secret to select from. Must be a valid secret key.
@@ -5025,171 +5517,41 @@ spec:
- key
type: object
x-kubernetes-map-type: atomic
- type: object
- insecureSkipVerify:
- description: Disable target certificate validation.
- type: boolean
- keySecret:
- description: Secret containing the client key file for the targets.
- properties:
- key:
- description: The key of the secret to select from. Must be a valid secret key.
- type: string
- name:
- default: ""
+ maxVersion:
description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the Secret or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- maxVersion:
- description: |-
- Maximum acceptable TLS version.
-
- It requires Prometheus >= v2.41.0.
- enum:
- - TLS10
- - TLS11
- - TLS12
- - TLS13
- type: string
- minVersion:
- description: |-
- Minimum acceptable TLS version.
+ Maximum acceptable TLS version.
- It requires Prometheus >= v2.35.0.
- enum:
- - TLS10
- - TLS11
- - TLS12
- - TLS13
- type: string
- serverName:
- description: Used to verify the hostname for the targets.
- type: string
- type: object
- required:
- - role
- type: object
- type: array
- honorLabels:
- description: HonorLabels chooses the metric's labels on collisions with target labels.
- type: boolean
- honorTimestamps:
- description: HonorTimestamps controls whether Prometheus respects the timestamps present in scraped data.
- type: boolean
- httpSDConfigs:
- description: HTTPSDConfigs defines a list of HTTP service discovery configurations.
- items:
- description: |-
- HTTPSDConfig defines a prometheus HTTP service discovery configuration
- See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config
- properties:
- authorization:
- description: Authorization header configuration to authenticate against the target HTTP endpoint.
- properties:
- credentials:
- description: Selects a key of a Secret in the namespace that contains the credentials for authentication.
- properties:
- key:
- description: The key of the secret to select from. Must be a valid secret key.
+ It requires Prometheus >= v2.41.0.
+ enum:
+ - TLS10
+ - TLS11
+ - TLS12
+ - TLS13
type: string
- name:
- default: ""
+ minVersion:
description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the Secret or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type:
- description: |-
- Defines the authentication type. The value is case-insensitive.
-
- "Basic" is not a supported value.
+ Minimum acceptable TLS version.
- Default: "Bearer"
- type: string
- type: object
- basicAuth:
- description: |-
- BasicAuth information to authenticate against the target HTTP endpoint.
- More info: https://prometheus.io/docs/operating/configuration/#endpoints
- properties:
- password:
- description: |-
- `password` specifies a key of a Secret containing the password for
- authentication.
- properties:
- key:
- description: The key of the secret to select from. Must be a valid secret key.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the Secret or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- username:
- description: |-
- `username` specifies a key of a Secret containing the username for
- authentication.
- properties:
- key:
- description: The key of the secret to select from. Must be a valid secret key.
+ It requires Prometheus >= v2.35.0.
+ enum:
+ - TLS10
+ - TLS11
+ - TLS12
+ - TLS13
type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ serverName:
+ description: Used to verify the hostname for the targets.
type: string
- optional:
- description: Specify whether the Secret or its key must be defined
- type: boolean
- required:
- - key
type: object
- x-kubernetes-map-type: atomic
+ tokenUrl:
+ description: '`tokenURL` configures the URL to fetch the token from.'
+ minLength: 1
+ type: string
+ required:
+ - clientId
+ - clientSecret
+ - tokenUrl
type: object
- noProxy:
- description: |-
- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names
- that should be excluded from proxying. IP and domain names can
- contain port numbers.
-
- It requires Prometheus >= v2.43.0.
- type: string
proxyConnectHeader:
additionalProperties:
items:
@@ -5233,14 +5595,58 @@ spec:
description: '`proxyURL` defines the HTTP proxy server to use.'
pattern: ^http(s)?://.+$
type: string
- refreshInterval:
+ role:
description: |-
- RefreshInterval configures the refresh interval at which Prometheus will re-query the
- endpoint to update the target list.
- pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
+ Role of the Kubernetes entities that should be discovered.
+ Role `Endpointslice` requires Prometheus >= v2.21.0
+ enum:
+ - Pod
+ - Endpoints
+ - Ingress
+ - Service
+ - Node
+ - EndpointSlice
type: string
+ selectors:
+ description: |-
+ Selector to select objects.
+ It requires Prometheus >= v2.17.0
+ items:
+ description: K8SSelectorConfig is Kubernetes Selector Config
+ properties:
+ field:
+ description: |-
+ An optional field selector to limit the service discovery to resources which have fields with specific values.
+ e.g: `metadata.name=foobar`
+ minLength: 1
+ type: string
+ label:
+ description: |-
+ An optional label selector to limit the service discovery to resources with specific labels and label values.
+ e.g: `node.kubernetes.io/instance-type=master`
+ minLength: 1
+ type: string
+ role:
+ description: |-
+ Role specifies the type of Kubernetes resource to limit the service discovery to.
+ Accepted values are: Node, Pod, Endpoints, EndpointSlice, Service, Ingress.
+ enum:
+ - Pod
+ - Endpoints
+ - Ingress
+ - Service
+ - Node
+ - EndpointSlice
+ type: string
+ required:
+ - role
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - role
+ x-kubernetes-list-type: map
tlsConfig:
- description: TLS configuration applying to the target HTTP endpoint.
+ description: TLS configuration to connect to the Kubernetes API.
properties:
ca:
description: Certificate authority used when verifying server certificates.
@@ -5385,70 +5791,23 @@ spec:
- TLS12
- TLS13
type: string
- serverName:
- description: Used to verify the hostname for the targets.
- type: string
- type: object
- url:
- description: URL from which the targets are fetched.
- minLength: 1
- pattern: ^http(s)?://.+$
- type: string
+ serverName:
+ description: Used to verify the hostname for the targets.
+ type: string
+ type: object
required:
- - url
+ - role
type: object
type: array
- jobName:
- description: |-
- The value of the `job` label assigned to the scraped metrics by default.
-
- The `job_name` field in the rendered scrape configuration is always controlled by the
- operator to prevent duplicate job names, which Prometheus does not allow. Instead the
- `job` label is set by means of relabeling configs.
- minLength: 1
- type: string
- keepDroppedTargets:
- description: |-
- Per-scrape limit on the number of targets dropped by relabeling
- that will be kept in memory. 0 means no limit.
-
- It requires Prometheus >= v2.47.0.
- format: int64
- type: integer
- kubernetesSDConfigs:
- description: KubernetesSDConfigs defines a list of Kubernetes service discovery configurations.
+ kumaSDConfigs:
+ description: KumaSDConfigs defines a list of Kuma service discovery configurations.
items:
description: |-
- KubernetesSDConfig allows retrieving scrape targets from Kubernetes' REST API.
- See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kubernetes_sd_config
+ KumaSDConfig allow retrieving scrape targets from Kuma's control plane.
+ See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kuma_sd_config
properties:
- apiServer:
- description: |-
- The API server address consisting of a hostname or IP address followed
- by an optional port number.
- If left empty, Prometheus is assumed to run inside
- of the cluster. It will discover API servers automatically and use the pod's
- CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.
- minLength: 1
- type: string
- attachMetadata:
- description: |-
- Optional metadata to attach to discovered targets.
- It requires Prometheus >= v2.35.0 when using the `Pod` role and
- Prometheus >= v2.37.0 for `Endpoints` and `Endpointslice` roles.
- properties:
- node:
- description: |-
- Attaches node metadata to discovered targets.
- When set to true, Prometheus must have the `get` permission on the
- `Nodes` objects.
- Only valid for Pod, Endpoint and Endpointslice roles.
- type: boolean
- type: object
authorization:
- description: |-
- Authorization header to use on every scrape request.
- Cannot be set at the same time as `basicAuth`, or `oauth2`.
+ description: Authorization header to use on every scrape request.
properties:
credentials:
description: Selects a key of a Secret in the namespace that contains the credentials for authentication.
@@ -5482,9 +5841,7 @@ spec:
type: string
type: object
basicAuth:
- description: |-
- BasicAuth information to use on every scrape request.
- Cannot be set at the same time as `authorization`, or `oauth2`.
+ description: BasicAuth information to use on every scrape request.
properties:
password:
description: |-
@@ -5535,27 +5892,19 @@ spec:
type: object
x-kubernetes-map-type: atomic
type: object
+ clientID:
+ description: Client id is used by Kuma Control Plane to compute Monitoring Assignment for specific Prometheus backend.
+ type: string
enableHTTP2:
description: Whether to enable HTTP2.
type: boolean
+ fetchTimeout:
+ description: The time after which the monitoring assignments are refreshed.
+ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
+ type: string
followRedirects:
description: Configure whether HTTP requests follow HTTP 3xx redirects.
type: boolean
- namespaces:
- description: Optional namespace discovery. If omitted, Prometheus discovers targets across all namespaces.
- properties:
- names:
- description: |-
- List of namespaces where to watch for resources.
- If empty and `ownNamespace` isn't true, Prometheus watches for resources in all namespaces.
- items:
- type: string
- type: array
- x-kubernetes-list-type: set
- ownNamespace:
- description: Includes the namespace in which the Prometheus pod runs to the list of watched namespaces.
- type: boolean
- type: object
noProxy:
description: |-
`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names
@@ -5910,58 +6259,16 @@ spec:
description: '`proxyURL` defines the HTTP proxy server to use.'
pattern: ^http(s)?://.+$
type: string
- role:
- description: |-
- Role of the Kubernetes entities that should be discovered.
- Role `Endpointslice` requires Prometheus >= v2.21.0
- enum:
- - Pod
- - Endpoints
- - Ingress
- - Service
- - Node
- - EndpointSlice
+ refreshInterval:
+ description: The time to wait between polling update requests.
+ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
+ type: string
+ server:
+ description: Address of the Kuma Control Plane's MADS xDS server.
+ minLength: 1
type: string
- selectors:
- description: |-
- Selector to select objects.
- It requires Prometheus >= v2.17.0
- items:
- description: K8SSelectorConfig is Kubernetes Selector Config
- properties:
- field:
- description: |-
- An optional field selector to limit the service discovery to resources which have fields with specific values.
- e.g: `metadata.name=foobar`
- minLength: 1
- type: string
- label:
- description: |-
- An optional label selector to limit the service discovery to resources with specific labels and label values.
- e.g: `node.kubernetes.io/instance-type=master`
- minLength: 1
- type: string
- role:
- description: |-
- Role specifies the type of Kubernetes resource to limit the service discovery to.
- Accepted values are: Node, Pod, Endpoints, EndpointSlice, Service, Ingress.
- enum:
- - Pod
- - Endpoints
- - Ingress
- - Service
- - Node
- - EndpointSlice
- type: string
- required:
- - role
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - role
- x-kubernetes-list-type: map
tlsConfig:
- description: TLS configuration to connect to the Kubernetes API.
+ description: TLS configuration to use on every scrape request
properties:
ca:
description: Certificate authority used when verifying server certificates.
@@ -6111,18 +6418,60 @@ spec:
type: string
type: object
required:
- - role
+ - server
type: object
type: array
- kumaSDConfigs:
- description: KumaSDConfigs defines a list of Kuma service discovery configurations.
+ labelLimit:
+ description: |-
+ Per-scrape limit on number of labels that will be accepted for a sample.
+ Only valid in Prometheus versions 2.27.0 and newer.
+ format: int64
+ type: integer
+ labelNameLengthLimit:
+ description: |-
+ Per-scrape limit on length of labels name that will be accepted for a sample.
+ Only valid in Prometheus versions 2.27.0 and newer.
+ format: int64
+ type: integer
+ labelValueLengthLimit:
+ description: |-
+ Per-scrape limit on length of labels value that will be accepted for a sample.
+ Only valid in Prometheus versions 2.27.0 and newer.
+ format: int64
+ type: integer
+ lightSailSDConfigs:
+ description: LightsailSDConfigs defines a list of Lightsail service discovery configurations.
items:
description: |-
- KumaSDConfig allow retrieving scrape targets from Kuma's control plane.
- See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kuma_sd_config
+ LightSailSDConfig configurations allow retrieving scrape targets from AWS Lightsail instances.
+ See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#lightsail_sd_config
properties:
+ accessKey:
+ description: AccessKey is the AWS API key.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a valid secret key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
authorization:
- description: Authorization header to use on every scrape request.
+ description: |-
+ Optional `authorization` HTTP header configuration.
+ Cannot be set at the same time as `basicAuth`, or `oauth2`.
properties:
credentials:
description: Selects a key of a Secret in the namespace that contains the credentials for authentication.
@@ -6156,7 +6505,9 @@ spec:
type: string
type: object
basicAuth:
- description: BasicAuth information to use on every scrape request.
+ description: |-
+ Optional HTTP basic authentication information.
+ Cannot be set at the same time as `authorization`, or `oauth2`.
properties:
password:
description: |-
@@ -6207,18 +6558,15 @@ spec:
type: object
x-kubernetes-map-type: atomic
type: object
- clientID:
- description: Client id is used by Kuma Control Plane to compute Monitoring Assignment for specific Prometheus backend.
- type: string
enableHTTP2:
- description: Whether to enable HTTP2.
+ description: Configure whether to enable HTTP2.
type: boolean
- fetchTimeout:
- description: The time after which the monitoring assignments are refreshed.
- pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
+ endpoint:
+ description: Custom endpoint to be used.
+ minLength: 1
type: string
followRedirects:
- description: Configure whether HTTP requests follow HTTP 3xx redirects.
+ description: Configure whether the HTTP requests should follow HTTP 3xx redirects.
type: boolean
noProxy:
description: |-
@@ -6230,8 +6578,8 @@ spec:
type: string
oauth2:
description: |-
- Optional OAuth 2.0 configuration.
- Cannot be set at the same time as `authorization`, or `basicAuth`.
+ Optional OAuth2.0 configuration.
+ Cannot be set at the same time as `basicAuth`, or `authorization`.
properties:
clientId:
description: |-
@@ -6531,6 +6879,14 @@ spec:
- clientSecret
- tokenUrl
type: object
+ port:
+ description: |-
+ Port to scrape the metrics from.
+ If using the public IP address, this must instead be specified in the relabeling rule.
+ format: int32
+ maximum: 65535
+ minimum: 0
+ type: integer
proxyConnectHeader:
additionalProperties:
items:
@@ -6575,15 +6931,40 @@ spec:
pattern: ^http(s)?://.+$
type: string
refreshInterval:
- description: The time to wait between polling update requests.
+ description: Refresh interval to re-read the list of instances.
pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string
- server:
- description: Address of the Kuma Control Plane's MADS xDS server.
+ region:
+ description: The AWS region.
minLength: 1
type: string
+ roleARN:
+ description: AWS Role ARN, an alternative to using AWS API keys.
+ type: string
+ secretKey:
+ description: SecretKey is the AWS API secret.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a valid secret key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
tlsConfig:
- description: TLS configuration to use on every scrape request
+ description: TLS configuration to connect to the Puppet DB.
properties:
ca:
description: Certificate authority used when verifying server certificates.
@@ -6732,61 +7113,17 @@ spec:
description: Used to verify the hostname for the targets.
type: string
type: object
- required:
- - server
type: object
type: array
- labelLimit:
- description: |-
- Per-scrape limit on number of labels that will be accepted for a sample.
- Only valid in Prometheus versions 2.27.0 and newer.
- format: int64
- type: integer
- labelNameLengthLimit:
- description: |-
- Per-scrape limit on length of labels name that will be accepted for a sample.
- Only valid in Prometheus versions 2.27.0 and newer.
- format: int64
- type: integer
- labelValueLengthLimit:
- description: |-
- Per-scrape limit on length of labels value that will be accepted for a sample.
- Only valid in Prometheus versions 2.27.0 and newer.
- format: int64
- type: integer
- lightSailSDConfigs:
- description: LightsailSDConfigs defines a list of Lightsail service discovery configurations.
+ linodeSDConfigs:
+ description: LinodeSDConfigs defines a list of Linode service discovery configurations.
items:
description: |-
- LightSailSDConfig configurations allow retrieving scrape targets from AWS Lightsail instances.
- See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#lightsail_sd_config
+ LinodeSDConfig configurations allow retrieving scrape targets from Linode's Linode APIv4.
+ See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#linode_sd_config
properties:
- accessKey:
- description: AccessKey is the AWS API key.
- properties:
- key:
- description: The key of the secret to select from. Must be a valid secret key.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the Secret or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
authorization:
- description: |-
- Optional `authorization` HTTP header configuration.
- Cannot be set at the same time as `basicAuth`, or `oauth2`.
+ description: Authorization header configuration.
properties:
credentials:
description: Selects a key of a Secret in the namespace that contains the credentials for authentication.
@@ -6819,69 +7156,11 @@ spec:
Default: "Bearer"
type: string
type: object
- basicAuth:
- description: |-
- Optional HTTP basic authentication information.
- Cannot be set at the same time as `authorization`, or `oauth2`.
- properties:
- password:
- description: |-
- `password` specifies a key of a Secret containing the password for
- authentication.
- properties:
- key:
- description: The key of the secret to select from. Must be a valid secret key.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the Secret or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- username:
- description: |-
- `username` specifies a key of a Secret containing the username for
- authentication.
- properties:
- key:
- description: The key of the secret to select from. Must be a valid secret key.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the Secret or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
enableHTTP2:
- description: Configure whether to enable HTTP2.
+ description: Whether to enable HTTP2.
type: boolean
- endpoint:
- description: Custom endpoint to be used.
- minLength: 1
- type: string
followRedirects:
- description: Configure whether the HTTP requests should follow HTTP 3xx redirects.
+ description: Configure whether HTTP requests follow HTTP 3xx redirects.
type: boolean
noProxy:
description: |-
@@ -6893,8 +7172,8 @@ spec:
type: string
oauth2:
description: |-
- Optional OAuth2.0 configuration.
- Cannot be set at the same time as `basicAuth`, or `authorization`.
+ Optional OAuth 2.0 configuration.
+ Cannot be used at the same time as `authorization`.
properties:
clientId:
description: |-
@@ -7195,9 +7474,7 @@ spec:
- tokenUrl
type: object
port:
- description: |-
- Port to scrape the metrics from.
- If using the public IP address, this must instead be specified in the relabeling rule.
+ description: Default port to scrape metrics from.
format: int32
maximum: 65535
minimum: 0
@@ -7246,40 +7523,19 @@ spec:
pattern: ^http(s)?://.+$
type: string
refreshInterval:
- description: Refresh interval to re-read the list of instances.
+ description: Time after which the linode instances are refreshed.
pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string
region:
- description: The AWS region.
+ description: Optional region to filter on.
minLength: 1
type: string
- roleARN:
- description: AWS Role ARN, an alternative to using AWS API keys.
+ tagSeparator:
+ description: The string by which Linode Instance tags are joined into the tag label.
+ minLength: 1
type: string
- secretKey:
- description: SecretKey is the AWS API secret.
- properties:
- key:
- description: The key of the secret to select from. Must be a valid secret key.
- type: string
- name:
- default: ""
- description: |-
- Name of the referent.
- This field is effectively required, but due to backwards compatibility is
- allowed to be empty. Instances of this type with an empty value here are
- almost certainly wrong.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- optional:
- description: Specify whether the Secret or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
tlsConfig:
- description: TLS configuration to connect to the Puppet DB.
+ description: TLS configuration applying to the target HTTP endpoint.
properties:
ca:
description: Certificate authority used when verifying server certificates.
@@ -7402,46 +7658,185 @@ spec:
- key
type: object
x-kubernetes-map-type: atomic
- maxVersion:
+ maxVersion:
+ description: |-
+ Maximum acceptable TLS version.
+
+ It requires Prometheus >= v2.41.0.
+ enum:
+ - TLS10
+ - TLS11
+ - TLS12
+ - TLS13
+ type: string
+ minVersion:
+ description: |-
+ Minimum acceptable TLS version.
+
+ It requires Prometheus >= v2.35.0.
+ enum:
+ - TLS10
+ - TLS11
+ - TLS12
+ - TLS13
+ type: string
+ serverName:
+ description: Used to verify the hostname for the targets.
+ type: string
+ type: object
+ type: object
+ type: array
+ metricRelabelings:
+ description: MetricRelabelConfigs to apply to samples before ingestion.
+ items:
+ description: |-
+ RelabelConfig allows dynamic rewriting of the label set for targets, alerts,
+ scraped samples and remote write samples.
+
+ More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
+ properties:
+ action:
+ default: replace
+ description: |-
+ Action to perform based on the regex matching.
+
+ `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.
+ `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.
+
+ Default: "Replace"
+ enum:
+ - replace
+ - Replace
+ - keep
+ - Keep
+ - drop
+ - Drop
+ - hashmod
+ - HashMod
+ - labelmap
+ - LabelMap
+ - labeldrop
+ - LabelDrop
+ - labelkeep
+ - LabelKeep
+ - lowercase
+ - Lowercase
+ - uppercase
+ - Uppercase
+ - keepequal
+ - KeepEqual
+ - dropequal
+ - DropEqual
+ type: string
+ modulus:
+ description: |-
+ Modulus to take of the hash of the source label values.
+
+ Only applicable when the action is `HashMod`.
+ format: int64
+ type: integer
+ regex:
+ description: Regular expression against which the extracted value is matched.
+ type: string
+ replacement:
+ description: |-
+ Replacement value against which a Replace action is performed if the
+ regular expression matches.
+
+ Regex capture groups are available.
+ type: string
+ separator:
+ description: Separator is the string between concatenated SourceLabels.
+ type: string
+ sourceLabels:
+ description: |-
+ The source labels select values from existing labels. Their content is
+ concatenated using the configured Separator and matched against the
+ configured regular expression.
+ items:
+ description: |-
+ LabelName is a valid Prometheus label name which may only contain ASCII
+ letters, numbers, as well as underscores.
+ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
+ type: string
+ type: array
+ targetLabel:
+ description: |-
+ Label to which the resulting string is written in a replacement.
+
+ It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,
+ `KeepEqual` and `DropEqual` actions.
+
+ Regex capture groups are available.
+ type: string
+ type: object
+ minItems: 1
+ type: array
+ metricsPath:
+ description: MetricsPath HTTP path to scrape for metrics. If empty, Prometheus uses the default value (e.g. /metrics).
+ minLength: 1
+ type: string
+ noProxy:
+ description: |-
+ `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names
+ that should be excluded from proxying. IP and domain names can
+ contain port numbers.
+
+ It requires Prometheus >= v2.43.0.
+ type: string
+ nomadSDConfigs:
+ description: NomadSDConfigs defines a list of Nomad service discovery configurations.
+ items:
+ description: |-
+ NomadSDConfig configurations allow retrieving scrape targets from Nomad's Service API.
+ See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#nomad_sd_config
+ properties:
+ allowStale:
+ description: |-
+ The information to access the Nomad API. It is to be defined
+ as the Nomad documentation requires.
+ type: boolean
+ authorization:
+ description: Authorization header to use on every scrape request.
+ properties:
+ credentials:
+ description: Selects a key of a Secret in the namespace that contains the credentials for authentication.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a valid secret key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type:
description: |-
- Maximum acceptable TLS version.
+ Defines the authentication type. The value is case-insensitive.
- It requires Prometheus >= v2.41.0.
- enum:
- - TLS10
- - TLS11
- - TLS12
- - TLS13
- type: string
- minVersion:
- description: |-
- Minimum acceptable TLS version.
+ "Basic" is not a supported value.
- It requires Prometheus >= v2.35.0.
- enum:
- - TLS10
- - TLS11
- - TLS12
- - TLS13
- type: string
- serverName:
- description: Used to verify the hostname for the targets.
+ Default: "Bearer"
type: string
type: object
- type: object
- type: array
- linodeSDConfigs:
- description: LinodeSDConfigs defines a list of Linode service discovery configurations.
- items:
- description: |-
- LinodeSDConfig configurations allow retrieving scrape targets from Linode's Linode APIv4.
- See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#linode_sd_config
- properties:
- authorization:
- description: Authorization header configuration.
+ basicAuth:
+ description: BasicAuth information to use on every scrape request.
properties:
- credentials:
- description: Selects a key of a Secret in the namespace that contains the credentials for authentication.
+ password:
+ description: |-
+ `password` specifies a key of a Secret containing the password for
+ authentication.
properties:
key:
description: The key of the secret to select from. Must be a valid secret key.
@@ -7462,14 +7857,30 @@ spec:
- key
type: object
x-kubernetes-map-type: atomic
- type:
+ username:
description: |-
- Defines the authentication type. The value is case-insensitive.
-
- "Basic" is not a supported value.
-
- Default: "Bearer"
- type: string
+ `username` specifies a key of a Secret containing the username for
+ authentication.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a valid secret key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
type: object
enableHTTP2:
description: Whether to enable HTTP2.
@@ -7477,6 +7888,8 @@ spec:
followRedirects:
description: Configure whether HTTP requests follow HTTP 3xx redirects.
type: boolean
+ namespace:
+ type: string
noProxy:
description: |-
`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names
@@ -7488,7 +7901,7 @@ spec:
oauth2:
description: |-
Optional OAuth 2.0 configuration.
- Cannot be used at the same time as `authorization`.
+ Cannot be set at the same time as `authorization` or `basic_auth`.
properties:
clientId:
description: |-
@@ -7788,12 +8201,6 @@ spec:
- clientSecret
- tokenUrl
type: object
- port:
- description: Default port to scrape metrics from.
- format: int32
- maximum: 65535
- minimum: 0
- type: integer
proxyConnectHeader:
additionalProperties:
items:
@@ -7838,16 +8245,18 @@ spec:
pattern: ^http(s)?://.+$
type: string
refreshInterval:
- description: Time after which the linode instances are refreshed.
+ description: |-
+ Duration is a valid time duration that can be parsed by Prometheus model.ParseDuration() function.
+ Supported units: y, w, d, h, m, s, ms
+ Examples: `30s`, `1m`, `1h20m15s`, `15d`
pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string
region:
- description: Optional region to filter on.
+ type: string
+ server:
minLength: 1
type: string
tagSeparator:
- description: The string by which Linode Instance tags are joined into the tag label.
- minLength: 1
type: string
tlsConfig:
description: TLS configuration applying to the target HTTP endpoint.
@@ -7999,106 +8408,12 @@ spec:
description: Used to verify the hostname for the targets.
type: string
type: object
+ required:
+ - server
type: object
type: array
- metricRelabelings:
- description: MetricRelabelConfigs to apply to samples before ingestion.
- items:
- description: |-
- RelabelConfig allows dynamic rewriting of the label set for targets, alerts,
- scraped samples and remote write samples.
-
- More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
- properties:
- action:
- default: replace
- description: |-
- Action to perform based on the regex matching.
-
- `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.
- `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.
-
- Default: "Replace"
- enum:
- - replace
- - Replace
- - keep
- - Keep
- - drop
- - Drop
- - hashmod
- - HashMod
- - labelmap
- - LabelMap
- - labeldrop
- - LabelDrop
- - labelkeep
- - LabelKeep
- - lowercase
- - Lowercase
- - uppercase
- - Uppercase
- - keepequal
- - KeepEqual
- - dropequal
- - DropEqual
- type: string
- modulus:
- description: |-
- Modulus to take of the hash of the source label values.
-
- Only applicable when the action is `HashMod`.
- format: int64
- type: integer
- regex:
- description: Regular expression against which the extracted value is matched.
- type: string
- replacement:
- description: |-
- Replacement value against which a Replace action is performed if the
- regular expression matches.
-
- Regex capture groups are available.
- type: string
- separator:
- description: Separator is the string between concatenated SourceLabels.
- type: string
- sourceLabels:
- description: |-
- The source labels select values from existing labels. Their content is
- concatenated using the configured Separator and matched against the
- configured regular expression.
- items:
- description: |-
- LabelName is a valid Prometheus label name which may only contain ASCII
- letters, numbers, as well as underscores.
- pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
- type: string
- type: array
- targetLabel:
- description: |-
- Label to which the resulting string is written in a replacement.
-
- It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,
- `KeepEqual` and `DropEqual` actions.
-
- Regex capture groups are available.
- type: string
- type: object
- type: array
- metricsPath:
- description: MetricsPath HTTP path to scrape for metrics. If empty, Prometheus uses the default value (e.g. /metrics).
- type: string
- noProxy:
- description: |-
- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names
- that should be excluded from proxying. IP and domain names can
- contain port numbers.
-
- It requires Prometheus >= v2.43.0.
- type: string
oauth2:
- description: OAuth2 client credentials used to fetch a token for the targets.
+ description: OAuth2 configuration to use on every scrape request.
properties:
clientId:
description: |-
@@ -9545,6 +9860,7 @@ spec:
Regex capture groups are available.
type: string
type: object
+ minItems: 1
type: array
sampleLimit:
description: SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
@@ -9873,6 +10189,7 @@ spec:
- OpenMetricsText1.0.0
- PrometheusText0.0.4
type: string
+ minItems: 1
type: array
x-kubernetes-list-type: set
scrapeTimeout: